Any fines and/or penalties associated with non-compliance with the PCI DSS and/or confirmed security breaches are defined by each of the payment card brands. For more specific information, please contact the …
No. If cryptographic keys are provided by the application vendor as part of the application, the keys must be unique to each customer or installation. An application that requires the …
This FAQ is intended for entities migrating from SSL/early TLS. In December 2015, PCI SSC announced that the deadline for migrating away from SSL/early TLS has been extended from June …
The new name reflects an expanding standards program that will continue to incorporate other parts of the PIN-based payment chain beyond PED and other physical devices. For example in …
This is a Technical FAQ for P2PE versions 1.x. This is a "normative" FAQ that is considered to be part of the P2PE requirements and shall be considered during a …
The intent of PCI DSS Requirement 8.1.6 and 8.1.7 is to prevent a malicious user from gaining access to users' accounts, by continually trying to guess a user's password over …
The password requirements in PCI DSS include a minimum level of complexity and strength intended to be met by all types of organizations using a range of technologies. PCI SSC …
PA-DSS Requirement 3.3.2 applies to all passwords generated or managed by the payment application that are used to authenticate access to the payment application. This requirement is not intended to …