Frequently Asked Questions
Featured FAQ Articles
Featured
- Do PCI DSS requirements for keyed cryptographic hashing apply to previously hashed PANs?
- Is the PCI DSS Attestation of Compliance intended to be shared?
- How does an entity report the results of a PCI DSS assessment for new requirements that are noted in PCI DSS as best practices until a future date?
- Where do I direct questions about complying with PCI standards?
- Can SAQ eligibility criteria be used for determining applicability of PCI DSS requirements for assessments documented in a Report on Compliance?
Most Popular
- Why is there a different approach for Direct Post implementations than for iFrame and URL redirect - what are the technical differences and how do they impact the security of e-commerce transactions?
- Do PCI DSS requirements for keyed cryptographic hashing apply to previously hashed PANs?
- What is a PCI DSS Self-Assessment Questionnaire?
- How are third-party service providers (TPSPs) expected to demonstrate PCI DSS compliance for TPSP services that meet customers’ PCI DSS requirements or may impact the security of a cardholder data environment?
- How do PCI PTS-approved POI device expiry dates affect a PCI-listed P2PE solution?
Most Recently Updated
- Which version of the P2PE Standard should be used for a P2PE assessment?
- Which PCI PTS point-of-interaction (POI) devices can be used in a validated P2PE solution?
- Is a "P2PE Assessor" required for a merchant's PCI DSS assessment if the merchant uses a Council-listed P2PE solution?
- Can a QSA that is not also a P2PE Assessor validate an encryption solution meets P2PE Requirements?
- How do PCI PTS-approved HSM expiry dates affect a PCI-listed P2PE Solution or Component?
Featured FAQ Articles
Featured
- What does “console access” mean for PCI DSS Requirements 8.4.1 and 8.4.2?
- What evidence is a TPSP expected to provide to customers to demonstrate PCI DSS compliance?
- Does PCI SSC consider guidance from other standards organizations when making updates to PCI standards?
- If an organization provides software or functionality that runs on a consumer's device (for example, smartphones, tablets, or laptops) and is used to accept payment account data, can the organization store card verification codes for those consumers?
- Do PCI DSS requirements for keyed cryptographic hashing apply to previously hashed PANs?
Most Popular
- What does “console access” mean for PCI DSS Requirements 8.4.1 and 8.4.2?
- What evidence is a TPSP expected to provide to customers to demonstrate PCI DSS compliance?
- Does PCI SSC consider guidance from other standards organizations when making updates to PCI standards?
- If an organization provides software or functionality that runs on a consumer's device (for example, smartphones, tablets, or laptops) and is used to accept payment account data, can the organization store card verification codes for those consumers?
- Do PCI DSS requirements for keyed cryptographic hashing apply to previously hashed PANs?