Deleted FAQs - PCI Watch

FAQ #1289 Deleted Last seen: 2014-06-11T22:58:54+00:00

Does the PA-DSS v3.0 requirement for hashing stored passwords meet PCI DSS Requirement 8.2.1?

Yes; PA-DSS v3.0 requires that a strong, one-way cryptographic algorithm with a unique input variable be used to render all payment application passwords unreadable during storage. This meets the intent …

FAQ #1287 Deleted Last seen: 2014-06-11T22:56:23+00:00

Why does PA-DSS v3.0 require passwords to be protected by a one-way hash (Requirement 3.3.2), whereas PANs can be stored in an encrypted form (Requirement 2.3)?

A payment application is required to restrict administrative access and access to cardholder data to authenticated (Requirement 3.1.4), authorized (Requirement 3.1) users. Where users authenticate to the payment application using …

FAQ #1219 Deleted Last seen: 2013-01-23T01:09:23+00:00

How can issuers be PCI DSS compliant if they store sensitive authentication data?

With regard to issuers or companies that support issuing services such as third party processors (TPPs), and other issuing type processors, it is recognized that such entities may have a …

FAQ #1218 Deleted Last seen: 2013-01-23T01:06:43+00:00

How do I select the Self-Assessment Questionnaire that best applies to my organization?

According to payment brand rules, all merchants and their service providers are required to comply with the PCI Data Security Standard in its entirety. There are five PCI Data Security …

FAQ #1090 Deleted Last seen: 2012-04-15T22:22:50+00:00

What are acceptable formats for masking of primary account numbers (PAN)?

PCI DSS Requirement 3.3 specifies that PAN is masked when displayed and that a maximum of the first 6 and last 4 digits of the PAN can be displayed. Note …