FAQs that have been removed from the PCI SSC website or have dead links.
The PCI Point-to-Point Encryption (P2PE) Standard contains detailed security requirements and testing procedures for application vendors and providers of P2PE solutions to ensure that their solutions can meet the necessary …
To minimize changes to the standards, the PCI Security Standards Council (PCI SSC) has established a lifecycle approach for PCI DSS and PA-DSS, where version changes to the standards will …
Host systems are used in hybrid decryption environments to decrypt account data for the purpose of processing payments. A Host system is a computer or other device that is not …
PCI DSS Requirement 9.1.1 addresses the need for video cameras and/or access control mechanisms to monitor individual physical access to sensitive areas. "Sensitive areas" refers to any data center, server …
No. There are no PCI DSS requirements that apply to manual imprinters (also known as "zip-zap" and "knuckle-buster" machines). They are not card reading devices as defined in Requirement 9.9, …
When a PA-DSS validated payment application has expired, it is listed as acceptable only for pre-existing deployments, or in other words, for customers that have already purchased and deployed the …
The Prioritized Approach Tool for PCI DSS v3.2 includes an update to the built-in formulas to remove "N/A" (Not Applicable) responses from the Percent Complete calculation. Previously, a response of …
The current version of PA-DSS is v3.2. Effective 1 September 2016, all new payment applications must be validated using PA-DSS v3.2. New payment application validations and High Impact Changes using …
The term "two-factor" was replaced with the term "multi-factor" in several requirements in PCI DSS v3.2 (Requirements 8.3, 8.3.1, 8.3.2, and 8.5.1). The intent of this change was to use …
The PCI P2PE Standard does not define specific form factors nor does it restrict the type of form factor that can be used for an HSM in P2PE solutions. However, …
