Frequently Asked Question
Can merchants use encryption solutions not listed on the PCI Council's website to reduce their PCI DSS validation effort?
Yes, however, PCI SSC recommends the use of PCI-listed P2PE solutions. Reference to What effect does the use of a PCI-listed P2PE solution have on a merchant's PCI DSS validation?
Merchants using encryption solutions that are not included on PCI SSC's list of Validated P2PE Solutions should consult with their acquirer or the payment brands about the use of these solutions. See How do I contact the payment card brands? for information regarding contacting the payment brands.
Merchants using encryption solutions that are not included on PCI SSC's list of Validated P2PE Solutions should consult with their acquirer or the payment brands about the use of these solutions. See How do I contact the payment card brands? for information regarding contacting the payment brands.
Last updated: April 2020
Posted at: October 2012
Posted at: October 2012
Article Number: 1162
Related
-
What evidence is a TPSP expected to provide to customers to demonstrate PCI DSS compliance?
-
Does PCI SSC consider guidance from other standards organizations when making updates to PCI standards?
-
If an organization provides software or functionality that runs on a consumer's device (for example, smartphones, tablets, or laptops) and is used to accept payment account data, can the organization store card verification codes for those consumers?
Featured FAQ Articles
Featured
-
Do PCI DSS requirements for keyed cryptographic hashing apply to previously hashed PANs?
-
Is the PCI DSS Attestation of Compliance intended to be shared?
-
How does an entity report the results of a PCI DSS assessment for new requirements that are noted in PCI DSS as best practices until a future date?
-
Where do I direct questions about complying with PCI standards?
-
Can SAQ eligibility criteria be used for determining applicability of PCI DSS requirements for assessments documented in a Report on Compliance?
Most Popular
-
What evidence is a TPSP expected to provide to customers to demonstrate PCI DSS compliance?
-
Does PCI SSC consider guidance from other standards organizations when making updates to PCI standards?
-
If an organization provides software or functionality that runs on a consumer's device (for example, smartphones, tablets, or laptops) and is used to accept payment account data, can the organization store card verification codes for those consumers?
-
Do PCI DSS requirements for keyed cryptographic hashing apply to previously hashed PANs?
-
Can a compensating control be used for requirements with a periodic or defined frequency, where an entity did not perform the activity within the required timeframe?