Deleted FAQs - PCI Watch

FAQ #1279 Deleted Last seen: 2026-03-28T17:00:09.739684+00:00

How does using a PA-DSS validated application affect the scope of a merchant's PCI DSS assessment?

Applications which are PA-DSS validated have been assessed by a PA-QSA as meeting all PA-DSS requirements. This means the application, when properly installed and configured, is capable of supporting the …

FAQ #1441 Deleted Last seen: 2026-03-28T17:00:09.739684+00:00

How do the updated SSL/early TLS migration dates apply to service providers?

The deadline for all entities, including service providers, to migrate away from SSL and insecure versions of TLS is June 30, 2018. In order to support merchants and other customers …

FAQ #1347 Deleted Last seen: 2026-03-28T17:00:09.739684+00:00

What are secure methods for a merchant to transport a terminal to meet requirements specified in P2PE Requirement 3A-2.4 and the P2PE Instruction Manual?for example, if a merchant has to return a POI device to their vendor for repair?

This is a Technical FAQ for P2PE versions 1.x. This is a "normative" FAQ that is considered to be part of the P2PE requirements and shall be considered during a …

FAQ #1330 Deleted Last seen: 2026-03-28T17:00:09.739684+00:00

For P2PE solutions, can you use PCI approved POI devices with SRED, where the PTS listing indicates "Non CTLS"?


This is a "normative" FAQ - It is considered to be part of the P2PE requirements and shall be considered during a …

FAQ #1261 Deleted Last seen: 2026-03-28T17:00:09.739684+00:00

Does a P2PE validated application also need to be validated against PA-DSS?

The P2PE Standard does not require applications solely used in a P2PE solution to be validated to PA-DSS. PA-DSS and P2PE are distinct PCI standards with separate requirements and programs, …

FAQ #1371 Deleted Last seen: 2026-03-28T17:00:09.739684+00:00

Can a third-party entity that performs P2PE functions on behalf of a P2PE solution provider undergo their own P2PE assessment, rather than undergoing an assessment each time a customer undergoes a P2PE assessment?

This is a Technical FAQ for P2PE versions 1.x. This is a "normative" FAQ that is considered to be part of the P2PE requirements and shall be considered during a …

FAQ #1343 Deleted Last seen: 2026-03-28T17:00:09.739684+00:00

Is it expected that P2PE applications be assessed per Domain 2 requirements (for example, 2A-1.2.c) if forensics tools are not effective due to architectural constraints of the POI device?

This is a Technical FAQ for P2PE versions 1.x. This is a "normative" FAQ that is considered to be part of the P2PE requirements and shall be considered during a …

FAQ #1223 Deleted Last seen: 2026-03-28T17:00:09.739684+00:00

Does PCI DSS, PA-DSS, or PTS apply to ATMs?

PCI DSS applies to entities involved in payment card processing or that otherwise store, process, or transmit cardholder data; the Payment Application Data Security Standard (PA-DSS) applies to payment applications …

FAQ #1345 Deleted Last seen: 2026-03-28T17:00:09.739684+00:00

Is there an exception to P2PE Requirement 2A-2.1 that a P2PE application can only export PAN or SAD encrypted by the firmware of the PCI-approved POI device, where there is a legal or regulatory obligation to print the full PAN on merchant receipts?

This is a Technical FAQ for P2PE versions 1.x. This is a "normative" FAQ that is considered to be part of the P2PE requirements and shall be considered during a …

FAQ #1278 Deleted Last seen: 2026-03-28T17:00:09.739684+00:00

Are PA-DSS applications considered valid if installed on an operating system that is not included in the payment application listing?

A PA-DSS validation is only applicable to the operating system(s) upon which the application was assessed, as reported in the ROV and as listed with the application on the PCI …