369 FAQ Links Changed
March 28, 2026 — PCI SSC changed the URL format for these FAQs. Content is unchanged.
Is it permissible to use self-decrypting files for encryption to send cardholder data?
Is it permissible to use FTP if proper security measures are implemented?
How extensive must background checks be for employees who have access to cardholder data?
In what circumstances is multi-factor authentication required?
What is the definition of "merchant"?
Does PCI DSS Requirement 8.2.2 allow users to share authentication credentials?
Does PCI DSS require both database and application logging?
If a merchant has multiple processing environments, should the merchant complete multiple SAQs to validate their PCI DSS compliance?
What is the mission of the PCI Security Standards Council?
What is the intent of PCI DSS Requirement 3.4.1?
Can unencrypted PANs be sent over e-mail, instant messaging, SMS, or chat?
How does encrypted cardholder data impact PCI DSS scope?
For vulnerability scans, what is meant by "quarterly" or "at least once every three months"?
What is meant by "adequate network segmentation" in the PCI DSS?
How can hashing be used to protect Primary Account Numbers (PAN) and in what circumstances can hashed PANs be considered out of scope for PCI DSS?
What are acceptable formats for truncation of primary account numbers?
Does PCI DSS apply to merchants who outsource all payment processing operations and never store, process or transmit cardholder data?
Do PCI DSS requirements for protecting stored cardholder data apply to mainframes?
Will the PCI Security Standards Council be involved in performing forensics investigations as a result of an account data compromise event?
When a QSA or ASV is newly approved, who is the contact at the PCI Security Standards Council to request a press release?
How does PCI DSS apply to individual PCs or workstations?
Are truncated Primary Account Numbers (PAN) required to be protected in accordance with PCI DSS?
What is the scope of the PCI Security Standards Council's activities?
In what way does the PCI Security Standards Council make payment card data more secure?
PCI DSS provides a common data security standard across all payment brands. Are there any plans to provide a common structure of penalties and/or fines for non-compliance to this standard?
Changed from https://www.pcisecuritystandards.org/faq/articles/Frequently_Asked_Question/pci-dss-provides-a-common-data-security-standard-across-all-payment-brands-are-there-any-plans-to-provide-a-common-structure-of-penalties-and-or-fines-for-non-compliance-to-this-standard/ to https://www.pcisecuritystandards.org/faqs/1124/