The mission of the PCI Security Standards Council (PCI SSC) is to develop, maintain and build awareness around the standards and supporting programs. Additionally, the PCI SSC strives to ensure that implementing …
The Card Production Logical and Physical Security Requirements were published by PCI SSC in 2013, and are intended to provide manufacturers and producers of payment cards with a comprehensive resource …
No. PCI DSS sensitive authentication data (SAD) consists of full magnetic-stripe data, card verification codes or values, and PINs or PIN blocks. PCI DSS specifically prohibits storage of SAD after …
Yes. Assessors have two options when performing PCI DSS testing procedures; they can either: 1) test a representative sample of the population according to the assessor's defined sampling methodology, or …
Payment terminals (sometimes referred to as point-of-sale systems, point-of-interaction devices, or payment devices) are physical devices that capture payment card data to process transactions. Because these devices are directly involved …
Encryption of cardholder data with strong cryptography is an acceptable method of rendering the data unreadable according to PCI DSS Requirement 3.5.1. However, encryption alone is insufficient to render the …
Where a third-party service provider (TPSP) receives and/or stores only data encrypted by another entity, and where they do not have the ability to decrypt the data, the TPSP may …
One-way hashing is a method that can be used to render PAN unreadable in storage. The hashing process and results, as well as the system(s) that perform the hashing, are …
The List of Validated Payment Applications on the PCI SSC website is the authoritative list of applications which have been accepted by PCI SSC as PA-DSS validated. If an application …