PCI Watch - Tracking changes across the Payment Card Industry

❓ PCI SSC FAQs FAQ #1091 Updated 2021-11-05T00:00:00+00:00

What are acceptable formats for truncation of primary account numbers?

This FAQ reflects updates as of November 2021 for acceptable truncation formats for different PAN / BIN lengths.

Acceptable truncation formats vary according to PAN length and Participating Payment …

❓ PCI SSC FAQs FAQ #1538 New 2021-11-01T18:38:00+00:00

What is the process to initiate a software evaluation to the PCI Secure Software Standard?

Vendors that want to have their software assessed to the PCI Secure Software Standard initiate the process by engaging a qualified Secure Software assessor from the PCI SSC list of …

❓ PCI SSC FAQs FAQ #1549 Updated 2021-11-01T18:35:00+00:00

Is software-as-a-service (SaaS) eligible for Secure Software Standard validation and listing?

Yes, if the software in question meets all stated eligibility criteria in effect at the time of submission, software-as-a-service may be validated to the Secure Software Standard and listed on …

❓ PCI SSC FAQs FAQ #1547 New 2021-11-01T18:32:00+00:00

Are currently listed PA-DSS payment applications required to be revalidated using the Secure Software Standard?

After 28 October 2022, all previously validated PA-DSS applications will be expired and moved to the "Acceptable Only for Pre-existing Deployments" list on the PCI SSC website. Payment application vendors …

❓ PCI SSC FAQs FAQ #1543 New 2021-11-01T18:19:00+00:00

Who is qualified to perform assessments to the PCI Secure SLC Standard?

Secure SLC Assessors are qualified by PCI SSC to validate software vendor adherence to the Secure SLC Standard.Qualified Secure SLC Assessors will have the Assessment Type of "Secure SLC" noted …

❓ PCI SSC FAQs FAQ #1542 New 2021-11-01T18:16:00+00:00

What is the process for PCI Secure SLC Qualification?

Vendors that want to have their software development processes assessed to the Secure SLC standard may initiate the process by engaging a qualified Secure SLC assessor from the PCI SSC …

❓ PCI SSC FAQs FAQ #1540 New 2021-11-01T18:11:00+00:00

What software is eligible for validation to the PCI Secure Software Standard?

The eligibility criteria for software validation to the PCI Secure Software Standard is defined in the Secure Software Program Guide, available in the Document Library. Whether an entity is …

❓ PCI SSC FAQs FAQ #1539 New 2021-11-01T18:08:00+00:00

Who is qualified to perform assessments to the PCI Secure Software Standard?

Secure Software Assessors are qualified by PCI SSC to validate payment software adherence to the Secure Software Standard. Qualified Secure Software Assessors will have the Assessment Type of "Secure Software" …

❓ PCI SSC FAQs FAQ #1548 New 2021-11-01T00:00:00+00:00

Are Secure Software Assessors or Secure Software Lifecycle Assessors required to report Continuing Professional Education (CPE) credits to PCI SSC?

No. Secure Software Assessors and Secure SLC Assessors in good standing do not need to report CPEs to PCI SSC. The CPEs that these Assessors are required to obtain and …

❓ PCI SSC FAQs FAQ #1546 New 2021-11-01T00:00:00+00:00

Can multiple changes for a Secure Software listing be submitted within a single change submission?

Yes, it is possible to submit multiple changes to a software listing, however, details of each change must be provided separately using Section C1 of the Change Impact Template (located …

❓ PCI SSC FAQs FAQ #1544 New 2021-11-01T00:00:00+00:00

Does PCI SSC provide a list of software vendors whose software development process(es) have been validated to the Secure SLC Standard?

Yes. Vendors whose software development practices have been validated to the Secure SLC Standard are added to the list of Secure SLC Qualified Vendors.

❓ PCI SSC FAQs FAQ #1541 New 2021-11-01T00:00:00+00:00

Recent Updates RSS

What are acceptable formats for truncation of primary account numbers?

What is the process to initiate a software evaluation to the PCI Secure Software Standard?

Is software-as-a-service (SaaS) eligible for Secure Software Standard validation and listing?

Are currently listed PA-DSS payment applications required to be revalidated using the Secure Software Standard?

Who is qualified to perform assessments to the PCI Secure SLC Standard?

What is the process for PCI Secure SLC Qualification?

What software is eligible for validation to the PCI Secure Software Standard?

Who is qualified to perform assessments to the PCI Secure Software Standard?

Are Secure Software Assessors or Secure Software Lifecycle Assessors required to report Continuing Professional Education (CPE) credits to PCI SSC?

Can multiple changes for a Secure Software listing be submitted within a single change submission?

Does PCI SSC provide a list of software vendors whose software development process(es) have been validated to the Secure SLC Standard?

When must validated payment software be revalidated?

Are there prerequisite PCI SSC program requirements to meet before qualifying as an SSF Assessor Company?

Is software-as-a-service (SaaS) eligible for Secure Software Standard validation and listing?

Security leaders envision PCI DSS 4.0 and beyond