While some ASVs may report DoS vulnerabilities as relatively high risks, the PCI SSC has clearly instructed ASVs to not consider this vulnerability when determining compliance of the ASV scan …
No. In order to meet PA-DSS and PCI DSS requirements, the payment application must facilitate the customers' ability to perform key changes periodically and as required by the customer in …
No. If cryptographic keys are provided by the application vendor as part of the application, the keys must be unique to each customer or installation. An application that requires the …
If the ISP only provides a "pipe" for internet access, then it is not considered a service provider and is not subject to PCI DSS compliance. However, if the ISP …
In general, frame relay can be considered private if it is dedicated to the customer's traffic. The PCI DSS requires encryption for transmission of cardholder data over public networks, not …
The PCI DSS is a global standard and is applicable to all entities that process, transmit or store cardholder data regardless of geographic location. Each payment brand manages their PCI …
The requirements for Payment Application Data Security Standard (PA-DSS) are derived from the Payment Card Industry Data Security Standard (PCI DSS). This document details what is required for a merchant …
The mission of the PCI Security Standards Council (PCI SSC) is to develop, maintain and build awareness around the standards and supporting programs. Additionally, the PCI SSC strives to ensure that implementing …