How does PCI DSS Requirement 11.3.4.1 impact timing of penetration tests for service providers?
→
Reinstated FAQs
26 FAQs have been deleted from the PCI SSC website and later restored.
For third parties that undergo P2PE assessments for services they offer on behalf of P2PE solution providers, what is acceptable evidence they can provide to those P2PE solution providers?
→
For P2PE Requirement 3A-4.2, are POI devices required to be physically secured (e.g., bolted to a counter-top or tethered with a cable) in the merchant environment? How does this requirement apply to handheld/wireless POI devices?
→
I?m a small merchant who has limited payment card transaction volume. Do I need to be compliant with PCI DSS? If so, what is the deadline?
→
Can I fax payment card numbers and still be PCI DSS Compliant?
→
If a merchant?s e-commerce implementation meets the criteria that all elements of payment pages originate from a PCI DSS compliant service provider, is the merchant eligible to complete SAQ A or SAQ A-EP?
→
Does PCI P2PE v2 allow for partial assessments of third parties with services that will be used in one or more P2PE solutions?
→
Does a QSA need to be onsite at the client?s premises for all aspects of a PCI DSS assessment?
→
Are PFIs required to fill out all the fields in the Final PFI Report?
→
How can I determine whether a QSA is authorized to perform PCI DSS assessments in all countries that are in scope for my company's PCI DSS assessment?
→