Recent FAQ Changes RSS

Latest changes to PCI SSC frequently asked questions.

❓ FAQ 1095 Updated 2015-09-22T14:28:21+00:00

What will be the role of the PCI Security Standards Council in expanding the global coverage of both QSAs and ASVs?

The PCI Security Standards Council will make reasonable efforts to evaluate global coverage for both QSAs and ASVs, and will attempt to identify and encourage participation by …

❓ FAQ 1352 New 2015-09-22T00:00:00+00:00

For P2PE Requirement 6E-4.1, testing procedures 6E-4.1.c and d specify unique POI keys?does this mean that unique public encryption keys must exist for each POI?

This is a Technical FAQ for P2PE versions 1.x. This is a ?normative? FAQ that is considered to be part of the P2PE requirements and shall be considered during a …

❓ FAQ 1344 New 2015-09-22T00:00:00+00:00

Does P2PE Requirement 2A-2.1 mean that PIN data (which is an element of SAD) must be encrypted by the SRED functions of the PCI-approved POI device? How does this impact PIN Security Requirements for PTS devices processing PINs?

This is a Technical FAQ for P2PE versions 1.x. This is a ?normative? FAQ that is considered to be part of the P2PE requirements and shall be considered during a …

❓ FAQ 1345 New 2015-09-22T00:00:00+00:00

Is there an exception to P2PE Requirement 2A-2.1 that a P2PE application can only export PAN or SAD encrypted by the firmware of the PCI-approved POI device, where there is a legal or regulatory obligation to print the full PAN on merchant receipts?

This is a Technical FAQ for P2PE versions 1.x. This is a ?normative? FAQ that is considered to be part of the P2PE requirements and shall be considered during a …

❓ FAQ 1346 New 2015-09-22T00:00:00+00:00

For P2PE Requirement 2A-3, can a P2PE PCI-approved POI device have a ?separation layer? that is assessed once in a P2PE assessment and thereafter relied upon to exclude from review those applications on the device with no access to cardholder data?

This is a Technical FAQ for P2PE versions 1.x. This is a ?normative? FAQ that is considered to be part of the P2PE requirements and shall be considered during a …

❓ FAQ 1347 New 2015-09-22T00:00:00+00:00

What are secure methods for a merchant to transport a terminal to meet requirements specified in P2PE Requirement 3A-2.4 and the P2PE Instruction Manual?for example, if a merchant has to return a POI device to their vendor for repair?

This is a Technical FAQ for P2PE versions 1.x. This is a ?normative? FAQ that is considered to be part of the P2PE requirements and shall be considered during a …

❓ FAQ 1348 New 2015-09-22T00:00:00+00:00

For P2PE Requirement 3A-4.2, are POI devices required to be physically secured (e.g., bolted to a counter-top or tethered with a cable) in the merchant environment? How does this requirement apply to handheld/wireless POI devices?

This is a Technical FAQ for P2PE versions 1.x. This is a ?normative? FAQ that is considered to be part of the P2PE requirements and shall be considered during a …

❓ FAQ 1349 New 2015-09-22T00:00:00+00:00

For P2PE Requirement 3B-1, are solution providers required to maintain the physical security of devices throughout their lifecycle regardless of where the devices are located?

This is a Technical FAQ for P2PE versions 1.x. This is a ?normative? FAQ that is considered to be part of the P2PE requirements and shall be considered during a …

❓ FAQ 1343 New 2015-09-22T00:00:00+00:00

Is it expected that P2PE applications be assessed per Domain 2 requirements (for example, 2A-1.2.c) if forensics tools are not effective due to architectural constraints of the POI device?

This is a Technical FAQ for P2PE versions 1.x. This is a ?normative? FAQ that is considered to be part of the P2PE requirements and shall be considered during a …

❓ FAQ 1350 New 2015-09-22T00:00:00+00:00

Is there an exception to P2PE Requirement 3B-3.1 that a merchant cannot view full PAN, for those areas where there is a legal or regulatory obligation to print the full PAN on merchant receipts?

This is a Technical FAQ for P2PE versions 1.x. This is a ?normative? FAQ that is considered to be part of the P2PE requirements and shall be considered during a …