How do I contact the payment card brands?
Contact the payment brands and/or acquirer (merchant bank) for more information about PCI compliance programs.
Contact details for the payment brands are provided below:
| American Express | …
Recent Updates
The latest changes across all tracked PCI resources.
What type of assessor signatures are allowable for PCI SSC attestation documentation?
Attestation documents, including AOCs, AOVs, and program-related attestations, that are provided by the PCI SSC require an assessor's signature. The assessor's signature signifies the individual has knowledge, approval, and acceptance …
Which P2PE Program Guide version do I use?
P2PE v2 Program Guide: Used for the assessment and management of P2PE v2 solutions, applications, and components.P2PE v3 Program Guide: Used for the assessment and management of P2PE v3 …
Can PCI-listed P2PE v2 components be used as part of a P2PE v3 solution?
Yes. P2PE solutions validated to P2PE v3.0 can contain P2PE components and applications validated using P2PE v2.0. Note, the P2PE v2 components are governed by the P2PE v2 Program Guide. …
Can PCI-listed P2PE v3 components be used as part of a P2PE v2 solution?
Only the PCI-listed P2PE v3 component types that also exist in P2PE v2 may be used in a P2PE v2 solution assessment, which are:
- Encryption Management
- Decryption …
Are software vendors wishing to undergo validation to the PCI Secure Software Lifecycle (Secure SLC) Standard also required to have payment software listed or in the process of being validated to the PCI Secure Software Standard?
It is not necessary for a software vendor to have payment software listed or in the process of being validated to the PCI Secure Software Standard in order to become …
What changes are PFI companies allowed to make to the PFI Reporting Templates?
PCI SSC recognizes that there may be a need for PFIs to personalize the PFI Report Templates, such as adding a company logo or add rows for more detail. However, …
Does PCI P2PE allow for partial assessments of third parties with services that will be used in one or more P2PE solutions?
No. PCI P2PE allows for P2PE component providers to formalize the process of assessing third parties. Therefore, it is not allowable to perform partial P2PE assessments and reuse (for example, …
Can PCI-listed P2PE v3 applications be used in PCI P2PE v2 listed solutions/components?
Yes, a PCI-listed P2PE application validated to P2PE v3 can be used as part of a P2PE solution or component validated to P2PE v2. Note that the associated P2PE Program …
Which P2PE Program Guide version do I use?
P2PE v2 Program Guide: Used for the assessment and management of P2PE v2 solutions, applications, and components.P2PE v3 Program Guide: Used for the assessment and management of P2PE v3 …
Can PCI-listed P2PE v3 components be used as part of a P2PE v2 solution?
Only the PCI-listed P2PE v3 component types that also exist in P2PE v2 may be used in a P2PE v2 solution assessment, which are:
- Encryption Management
- Decryption …
Can PCI-listed P2PE v2 components be used as part of a P2PE v3 solution?
Yes. P2PE solutions validated to P2PE v3.0 can contain P2PE components and applications validated using P2PE v2.0. Note the P2PE v2 components are governed by the P2PE v2 Program Guide. …
Can PCI-listed P2PE v2.0 applications be used in PCI P2PE v3 solutions/components?
Yes. P2PE applications currently listed as a valid PCI P2PE v2.0 application can be used in a PCI P2PE v3 solution or component and must be included as part of …
Can merchants use encryption solutions not listed on the PCI Council's website to reduce their PCI DSS validation effort?
Yes, however, PCI SSC recommends the use of PCI-listed P2PE solutions. Reference to What effect does the use of a PCI-listed P2PE solution have on a merchant's PCI DSS validation? …
Is the PCI P2PE Standard applicable for merchants that have developed/implemented their own encryption solution?
Yes. Please see the Frequently Asked Questions (FAQ) for Validation Processes for Merchant-Managed Solutions on the PCI SSC website.