FAQs that have been removed from the PCI SSC website or have dead links.
No. When validating payment application compliance through a Report on Validation (ROV) you may not 'combine' requirements from multiple versions of the standard — your assessment must be to one …
This is a Technical FAQ for P2PE versions 1.x. This is a "normative" FAQ that is considered to be part of the P2PE requirements and shall be considered during a …
Without proper network segmentation to isolate the systems that store, process or transmit cardholder data from those that do not, all system components in that network are considered part of …
If your company provides services which meet the definition of a P2PE component provider as set out in the P2PE Program Guide v2, then it may be possible for those …
This is a Technical FAQ for P2PE versions 1.x. This is a "normative" FAQ that is considered to be part of the P2PE requirements and shall be considered during a …
Application version numbers may consist of any combination of alphanumeric characters to create a unique version, discernible from other versions of that payment application, based on the vendor's versioning methodology. …
The List of Validated Payment Applications on the PCI SSC website is the authoritative list of applications which have been accepted by PCI SSC as PA-DSS validated. If an application …
This is a Technical FAQ for P2PE versions 1.x. This is a "normative" FAQ that is considered to be part of the P2PE requirements and shall be considered during a …
The PCI Data Security Standard represents a common set of industry tools and measurements to help ensure the safe handling of sensitive information. Initially created by aligning Visa's Account Information …
No. In order to meet PA-DSS and PCI DSS requirements, the payment application must facilitate the customers' ability to perform key changes periodically and as required by the customer in …
