Latest changes to PCI SSC frequently asked questions.
The At-Risk Timeframe refers to the period of time data elements, such as account data, were at risk for this Entity Under Investigation during the incident under investigation. A data …
Yes. PCI DSS v4.x requires the success of all authentication factors before access is granted. However, it is acceptable under PCI DSS to indicate that one factor has been successful …
Yes, but use of any shared authentication credentials such as group, shared, or generic IDs (including for administrator accounts such as admin or root) must be prevented unless needed …
For PCI DSS assessments documented in a Report on Compliance (ROC), the Date of Report is considered the completion date for the PCI DSS assessment. This denotes the date when …
For PCI DSS assessments documented in a Self-Assessment Questionnaire (SAQ), the Self-Assessment completion date denotes the date the PCI DSS self-assessment was completed, either by the entity, or, if applicable, …
The objective of PCI DSS Requirement 6.4.3 is to ensure that unauthorized code cannot be executed in the payment page as it is rendered in the consumer's browser.
In …
Yes, a PFI Final Report is required. The expectation is that the PFI must complete the merchant's PFI Investigation and produce the Final PFI Report, with details of adequate evidence …
Yes, a PFI Final Report is required. The expectation is that the PFI must complete the merchant’s PFI Investigation and produce the Final PFI Report, with details of adequate evidence …
PFI Companies must adhere to the independence requirements of the PFI program as defined in the PFI Qualification Requirements and PFI Program Guide. Whether a PFI Company can conduct a …
Yes, a PFI Final Report is required. The expectation is that the PFI must complete the merchant?s PFI Investigation and produce the PFI Final Report, with details of adequate evidence …
