The latest changes across all tracked PCI resources.
As described in PCI DSS Requirement 8.3, multi-factor authentication (previously referred to as two-factor authentication) is required for all remote network access that originates from outside the entity’s own network, …
While PCI DSS does not require that PCI PTS-approved devices be used, some payment brands have their own requirements for using PTS-approved devices, including whether PTS devices with expired approvals …
Acquirers, on behalf of the payment brands, are responsible for determining the PCI DSS validation and reporting method of their merchant customers, including how compliance is to be evidenced?for example, …
The Servicing Markets element of the Qualified Security Assessor (QSA) listing indicates the geographic regions or countries for which the QSA Company is authorized by PCI SSC to perform PCI …
The Servicing Markets element of the Qualified Security Assessor (QSA) listing indicates the geographic regions or countries for which the QSA Company is authorized by PCI SSC to perform PCI …
Yes, per the Final PFI Report template instructions, the report template must be completed fully. Therefore, all fields are mandatory; any exceptions must be discussed with and approved by the …
P2PE Solutions and applicable P2PE Components undergoing an initial assessment (i.e., they are not performing a reassessment on an existing PCI P2PE approval listing) must use non-expired HSMs (i.e., not …
An assessor that is listed as a QSA for PCI DSS and QPA for PCI PIN on the PCI SSC website may be eligible to perform both types of assessments, …
The "Date of Report" indicates the completion date of the ROC, and therefore must be no earlier than the date on which the QSA completed collection and validation of corresponding …
Merchants eligible to complete SAQ A are e-commerce or mail-order/telephone-order (MOTO) merchants that outsource all payment processing and do not store, process or transmit cardholder data on their premises or …
The password requirements in PCI DSS include a minimum level of complexity and strength intended to be met by all types of organizations using a range of technologies. PCI SSC …
Merchants eligible to complete SAQ A are e-commerce or mail-order/telephone-order (MOTO) merchants that outsource all payment processing and do not store, process or transmit cardholder data on their premises or …
The password requirements in PCI DSS include a minimum level of complexity and strength intended to be met by all types of organizations using a range of technologies. PCI SSC …
?Two-step? or ?multi-step? authentication is not the same as ?two-factor? or ?multi-factor?. ?Two-step? or ?multi-step? authentication involves the subsequent presentation of one or more authentication steps after the first authentication …
The PCI Security Standards Council will make reasonable efforts to evaluate global coverage for both QSAs and ASVs, and will attempt to identify and encourage participation by qualified parties to …