No. There are no PCI DSS requirements that apply to manual imprinters (also known as “zip-zap” and “knuckle-buster” machines). They are not card reading devices as defined in Requirement 9.9, …
PCI DSS is the standard for merchants and service providers to protect cardholder data. The PA-DSS and PTS device security requirements support the overall implementation of PCI DSS by allowing …
No. PCI DSS Requirement 4.2.2. prohibits the sending of unprotected primary account numbers (PANs) via end-user messaging technologies, whether sent internally or over public networks. E-mail, instant messaging, SMS, and …
PCI DSS does not prevent the use of end-user technologies (such as email, SMS, chat, etc.) to request or receive cardholder data. However, if an end-user messaging technology is used …
Any cardholder data that is stored, processed, or transmitted must be protected in accordance with PCI DSS. If faxes are sent or received via modem over a traditional PSTN phone …
PCI DSS does not define minimum or maximum times for how long cardholder data may be stored. PCI DSS Requirement 3.2.1 specifies that a data retention and disposal policy must …
PCI DSS Requirement 10.4.1 defines several events and system types that require daily log reviews, but Requirement 10.4.2 allows the organization to determine the log review frequency for all other …
No, PCI DSS Requirement 9.5 does not require devices to be fixed in place or physically attached to a surface. Requirement 9.5 and its three sub-requirements address three areas of …
Yes. Using strong cryptography to hash the password meets the intent of the PCI DSS Requirement 8.3.2, which requires that all authentication factors be rendered unreadable during transmission and storage …
PCI DSS requirements apply to all system components, unless it has been verified that a requirement is not applicable for a particular system. Decisions about the applicability of PCI DSS …