Recent FAQ Changes

FAQ #1571 Updated 2024-02-28T00:50:00+00:00

Is the expectation that any PFI investigation initiated must result in a PFI Final Report?

Yes, a PFI Final Report is required. The expectation is that the PFI must complete the merchant’s PFI Investigation and produce the Final PFI Report, with details of adequate evidence …

FAQ #1571 Updated 2024-02-28T00:41:00+00:00

Is the expectation that any PFI investigation initiated must result in a PFI Final Report?

Yes, a PFI Final Report is required. The expectation is that the PFI must complete the merchant?s PFI Investigation and produce the PFI Final Report, with details of adequate evidence …

FAQ #1571 Updated 2024-02-28T00:41:00+00:00

Is the expectation that any PFI investigation initiated must result in a PFI Final Report?

Yes, a PFI Final Report is required. The expectation is that the PFI must complete the merchant’s PFI Investigation and produce the Final PFI Report, with details of adequate evidence …

FAQ #1086 Updated 2024-02-28T00:41:00+00:00

How does encrypted cardholder data impact PCI DSS scope?

Encryption of cardholder data with strong cryptography is an acceptable method of rendering the data unreadable according to PCI DSS Requirement 3.5.1. However, encryption alone is insufficient to render the …

FAQ #1571 Updated 2024-02-28T00:16:00+00:00

Is the expectation that any PFI investigation initiated must result in a PFI Final Report?

Yes, a PFI Final Report is required. The expectation is that the PFI must complete the merchant’s PFI Investigation and produce the Final PFI Report, with details of adequate evidence …

FAQ #1158 Updated 2024-02-28T00:16:00+00:00

What effect does the use of a PCI-listed P2PE solution have on a merchant's PCI DSS validation?

A PCI-listed P2PE solution can significantly reduce the number of PCI DSS requirements applicable to a merchant's cardholder data environment. However, it does not completely remove the applicability of PCI …

FAQ #1571 Updated 2024-02-27T21:54:00+00:00

Is the expectation that any PFI investigation initiated must result in a PFI Final Report?

Yes, a PFI Final Report is required. The expectation is that the PFI must complete the merchant?s PFI Investigation and produce the PFI Final Report, with details of adequate evidence …

FAQ #1571 Updated 2024-02-27T21:54:00+00:00

Is the expectation that any PFI investigation initiated must result in a PFI Final Report?

Yes, a PFI Final Report is required. The expectation is that the PFI must complete the merchant’s PFI Investigation and produce the Final PFI Report, with details of adequate evidence …

FAQ #1221 Updated 2024-02-27T21:54:00+00:00

To which types of service providers does PCI DSS Appendix A1 apply?

All service providers are responsible for meeting PCI DSS requirements for their environments as applicable to the services offered to their customers. In addition, PCI DSS Appendix A1: Additional PCI …

FAQ #1571 Updated 2024-02-27T21:31:00+00:00

Is the expectation that any PFI investigation initiated must result in a PFI Final Report?

Yes, a PFI Final Report is required. The expectation is that the PFI must complete the merchant’s PFI Investigation and produce the Final PFI Report, with details of adequate evidence …