Deleted FAQs

No. There are no PCI DSS requirements that apply to manual imprinters (also known as “zip-zap” and “knuckle-buster” machines). They are not card reading devices as defined in Requirement 9.9, …

The current version of PA-DSS is v3.2. Effective 1 September 2016, all new payment applications must be validated using PA-DSS v3.2.

New payment application validations and High Impact Changes …

The term “two-factor” was replaced with the term “multi-factor” in several requirements in PCI DSS v3.2 (Requirements 8.3, 8.3.1, 8.3.2, and 8.5.1). The intent of this change was to use …

The Prioritized Approach Tool for PCI DSS v3.2 includes an update to the built-in formulas to remove “N/A” (Not Applicable) responses from the Percent Complete calculation. Previously, a response of …

PCI DSS Requirement 11.4.6 requires service providers that use segmentation to isolate the cardholder data environment (CDE) from other networks to perform penetration tests on those segmentation controls at least …

The Expiry Date for PA-DSS Validated Payment Applications is the date by which a vendor must have the application reassessed against the current PA-DSS requirements in order for the application …

New application validations and High Impact Changes using PA-DSS 2.0 are no longer accepted. Low Impact and No Impact Changes to listed applications that were previously validated using PA-DSS 2.0 …

PCI DSS Requirement 8 addresses secure authentication requirements and requires that all passwords and other authentication credentials be securely managed. These requirements apply to all non-consumer users and administrators. The …

Payment Application Qualified Security Assessors (PA-QSAs) are qualified by the Council to validate payment applications for compliance to PA-DSS. A list of PA-QSAs is available on the Council website. A …

PCI DSS version 2.0 expires on December 31^st, 2014, and any PCI DSS 2.0 validations must be completed prior to this date. PCI DSS version 3.0 is effective …