Masking is addressed in PCI DSS Requirement 3.3, whereas truncation is one of several options specified to meet PCI DSS Requirement 3.4. Masking and truncation are both methods of rendering …

PCI DSS applies to any entity that stores, processes or transmits cardholder data.

If a merchant outsources all their payment operations, the applicable PCI DSS requirements for the protection …

While the PCI Security Standards Council (PCI SSC) manages the security standards and provides training for security assessors, we do not enforce compliance or define validation reporting requirements. Compliance validation …

SAQ C-VT is a self-assessment questionnaire designed for brick-and-mortar (card-present) or mail/telephone-order (card-not-present) merchants that process cardholder data via virtual terminals on personal computers connected to the Internet, and that …

SAQ C-VT does not replace SAQ C. Each SAQ is designed to support a different type of cardholder data environment. At a high level, SAQ C is intended for merchants …

A virtual terminal is web browser-based access to an acquirer, processor or third party service provider website to authorize payment card transactions over the Internet, where the merchant manually enters …

Network segmentation of, or isolating (segmenting), the cardholder data environment from the remainder of an entity?s network is strongly recommended as a method that may reduce the scope of a …

Revalidation Date: Annually, the software vendor is required to revalidate by completing Part 3b of the Attestation of Validation form, confirming that no changes have been made to the application …