Deleted FAQs

The Expiry Date for PA-DSS Validated Payment Applications is the date by which a vendor must have the application reassessed against the current PA-DSS requirements in order for the application …

?Two-step" or "multi-step" authentication is not the same as "two-factor" or "multi-factor". "Two-step" or "multi-step" authentication involves the subsequent presentation of one or more authentication steps after the first authentication …

PCI DSS version 2.0 expires on December 31st, 2014, and any PCI DSS 2.0 validations must be completed prior to this date. PCI DSS version 3.0 is effective from January …

The PCI Security Standards Council will make reasonable efforts to evaluate global coverage for both QSAs and ASVs, and will attempt to identify and encourage participation by qualified parties to …

PCI DSS Requirement 8 addresses secure authentication requirements and requires that all passwords and other authentication credentials be securely managed. These requirements apply to all non-consumer users and administrators. The …

PCI DSS version 3.0 is effective from January 1st, 2014, and all entities should be working towards compliance with the latest PCI standards as soon as they are able. To …

Test FAQ

No. PA-DSS version 1.2.1 is expired. New application validations using PA-DSS 1.2.1 and changes for existing listings using PA-DSS 1.2.1 are no longer accepted. In addition, applications validated using PA-DSS …

New application validations and High Impact Changes using PA-DSS 2.0 are no longer accepted. Low Impact and No Impact Changes to listed applications that were previously validated using PA-DSS 2.0 …

Yes, a payment application designed to store both hashed and truncated PAN is required to have additional controls to prevent their correlation, as noted in PA-DSS Requirement 2.3. This is …