Latest changes to PCI SSC frequently asked questions.
The intent of this requirement is to prevent an unauthorized person from using an unattended console/PC to gain access to the user's computer and accounts, and potentially to the company's …
Any evidence reviewed as part of a PCI DSS assessment, where the assessor deems it to be valid when it is reviewed, remains valid for that assessment and does not …
The term “two-factor” was replaced with the term “multi-factor” in several requirements in PCI DSS v3.2 (Requirements 8.3, 8.3.1, 8.3.2, and 8.5.1). The intent of this change was to use …
No. There are no PCI DSS requirements that apply to manual imprinters (also known as “zip-zap” and “knuckle-buster” machines). They are not card reading devices as defined in Requirement 9.9, …
No. PCI SSC does not require that an entity's assessor go onsite to the entity's TPSP and retest PCI DSS requirements that have already been covered in the TPSP's current …
The PCI Security Standards Council (PCI SSC) maintains a robust evaluation and qualification program for approved security assessors and scanning vendors. Information on becoming a qualified assessor or scan vendor …
PCI DSS is the standard for merchants and service providers to protect cardholder data. The PA-DSS and PTS device security requirements support the overall implementation of PCI DSS by allowing …
All service providers are expected to meet PCI DSS requirements as applicable to the services offered to their customers. In addition, PCI DSS Appendix A1: Additional PCI DSS Requirements for …
The PA-DSS details the requirements a payment application must meet in order to facilitate a customer’s PCI DSS compliance. PA-DSS validated payment applications, when implemented in a PCI DSS-compliant environment, …
The intent of this requirement is to address the acceptability of disk encryption for rendering cardholder data unreadable. Disk encryption encrypts data stored on a computer’s mass storage and automatically …
