Are PFIs required to fill out all the fields in the Final PFI Report?
→
Reinstated FAQs
28 FAQs have been deleted from the PCI SSC website and later restored.
How can I determine whether a QSA is authorized to perform PCI DSS assessments in all countries that are in scope for my company's PCI DSS assessment?
→
PCI DSS provides a common data security standard across all payment brands. Are there any plans to provide a common structure of penalties and/or fines for non-compliance to this standard?
→
Are administrators allowed to share passwords?
→
Does PCI DSS apply to merchants who outsource all payment processing operations and never store, process or transmit cardholder data?
→
What should a merchant do if cardholder data is accidentally received via an unintended channel?
→
If a merchant is using a payment application listed as "acceptable only for pre-existing deployments", is the merchant allowed to install more copies of the application?
→
Do all PCI DSS requirements apply to every system component?
→
Are point-of-sale devices required to be physically secured (e.g. with a cable or tether) to prevent removal or substitution in order to meet PCI DSS Requirement 9.9?
→
Are merchants allowed to request that cardholder data be provided over end-user messaging technologies?
→