PCI DSS provides a common data security standard across all payment brands. Are there any plans to provide a common structure of penalties and/or fines for non-compliance to this standard?
→
Reinstated FAQs
26 FAQs have been deleted from the PCI SSC website and later restored.
Are administrators allowed to share passwords?
→
Does PCI DSS apply to merchants who outsource all payment processing operations and never store, process or transmit cardholder data?
→
What should a merchant do if cardholder data is accidentally received via an unintended channel?
→
If a merchant is using a payment application listed as ?acceptable only for pre-existing deployments?, is the merchant allowed to install more copies of the application?
→
Do all PCI DSS requirements apply to every system component?
→
Are point-of-sale devices required to be physically secured (e.g. with a cable or tether) to prevent removal or substitution in order to meet PCI DSS Requirement 9.9?
→
Are merchants allowed to request that cardholder data be provided over end-user messaging technologies?
→
Are merchants allowed to request card-verification codes/values from cardholders?
→
What changes are PFI companies allowed to make to the PFI Reporting Templates?
→