No. If cryptographic keys are provided by the application vendor as part of the application, the keys must be unique to each customer or installation. An application that requires the …
No. In order to meet PA-DSS and PCI DSS requirements, the payment application must facilitate the customers? ability to perform key changes periodically and as required by the customer in …
PCI DSS is the standard for merchants and service providers to protect cardholder data. The PA-DSS and PTS device security requirements support the overall implementation of PCI DSS by allowing …
With regard to issuers or companies that support issuing services such as third party processors (TPPs), and other issuing type processors, it is recognized that such entities may have a …
The Council is looking for equivalent controls that address malware and all types of threats referenced in Requirement 5, which are often found in traditional anti-virus solutions. If another type …
The Council will be developing more formal guidance around this topic, leveraging information that is received through the various channels of the DSS lifecycle feedback process. Until further guidance is …
Overall ATM requirements are not currently included in the PTS program so there is no cause for action in this regard. The Encrypting PIN Pad category will still feature in …
The new name reflects an expanding standards program that will continue to incorporate other parts of the PIN based payment chain beyond PED and other physical devices. For example in …
No. The council will continue to offer approved device listings on our website. Any proposed changes to the PTS program discussed at the Community Meeting will have no material impact …
PCI DSS applies to any entity that stores, processes, or transmits cardholder data and any such entity is expected to comply with PCI DSS, including acquirers. However, each payment card …