Any cardholder data that is stored, processed, or transmitted must be protected in accordance with PCI DSS. If faxes or emails are sent or received via modem over a traditional …

The PCI SSC does not certify service providers as PCI DSS compliant. All entities that store, process or transmit cardholder data are required to comply with the PCI DSS and …

In general, frame relay can be considered private if it is dedicated to the customer?s traffic. The PCI DSS requires encryption for transmission of cardholder data over public networks, not …

If the ISP only provides a ?pipe? for internet access, then it is not considered a service provider and is not subject to PCI DSS compliance. However, if the ISP …

PCI DSS applies to any entity that stores, processes, or transmits cardholder data. Whether entities with cardholder data on their own corporate cards need to validate compliance is determined by …

Systems that store only truncated PANs (where a segment of PAN data has been permanently removed) may be considered out of scope for PCI DSS if that system is adequately …

In general, MPLS networks are considered ?private? networks and do not require encryption. This, however, is dependent upon the specific provider and/or configuration. If the IP addresses are public and …

If a merchant has multiple processing environments, whereby one environment qualifies it to complete SAQ form A and another qualifies it to complete SAQ form B, then it is advisable …

The PCI SSC does not mandate the use of any one approach to PCI DSS compliance. The Prioritized Approach is designed as a reporting tool to help entities understand where …

The Prioritized Approach tool is intended to help guide non-compliant entities to work through the process of becoming PCI DSS compliant. The Prioritized Approach does not supersede or replace the …