Shared Passwords
Test FAQ
FAQs that have been removed from the PCI SSC website or have dead links.
New validations and High Impact Changes using PA-DSS v3.1 will be accepted until 31 August 2016. Low Impact and No Impact Changes to listed applications that were previously validated to …
PCI DSS version 2.0 expires on December 31st, 2014, and any PCI DSS 2.0 validations must be completed prior to this date. PCI DSS version 3.0 is effective …
PCI DSS version 3.0 is effective from January 1st, 2014, and all entities should be working towards compliance with the latest PCI standards as soon as they are …
The Expiry Date for PA-DSS Validated Payment Applications is the date by which a vendor must have the application reassessed against the current PA-DSS requirements in order for the application …
New application validations and High Impact Changes using PA-DSS 2.0 are no longer accepted. Low Impact and No Impact Changes to listed applications that were previously validated using PA-DSS 2.0 …
Payment Application Qualified Security Assessors (PA-QSAs) are qualified by the Council to validate payment applications for compliance to PA-DSS. A list of PA-QSAs is available on the Council website. A …
"Two-step" or "multi-step" authentication is not the same as "two-factor" or "multi-factor". "Two-step" or "multi-step" authentication involves the subsequent presentation of one or more authentication steps after the first authentication …
Yes, a payment application designed to store both hashed and truncated PAN is required to have additional controls to prevent their correlation, as noted in PA-DSS Requirement 2.3. This is …
Yes; PA-DSS v3.0 requires that a strong, one-way cryptographic algorithm with a unique input variable be used to render all payment application passwords unreadable during storage. This meets the intent …