Frequently Asked Question

What software is eligible for validation to the PCI Secure Software Standard?
The eligibility criteria for software validation to the PCI Secure Software Standard is defined in the Secure Software Program Guide, available in the Document Library.
Whether an entity is required to use software validated to the Secure Software Standard is determined by individual payment brand mandates, and not by PCI SSC. For information about payment brand requirements for use of Secure Software validated applications, please contact the payment brands directly. Payment brand contact details can be found in FAQ 1142 How do I contact the payment card brands?
See also the following FAQs:
FAQ 1538: What is the process to initiate a software evaluation to the PCI Secure Software Standard?
FAQ 1539: Who is qualified to perform assessments to the PCI Secure Software Standard?
Whether an entity is required to use software validated to the Secure Software Standard is determined by individual payment brand mandates, and not by PCI SSC. For information about payment brand requirements for use of Secure Software validated applications, please contact the payment brands directly. Payment brand contact details can be found in FAQ 1142 How do I contact the payment card brands?
See also the following FAQs:
FAQ 1538: What is the process to initiate a software evaluation to the PCI Secure Software Standard?
FAQ 1539: Who is qualified to perform assessments to the PCI Secure Software Standard?
November 2021
Article Number: 1540
Featured FAQ Articles
Most Recently Updated
-
Is the expectation that any PFI investigation initiated must result in a PFI Final Report?
-
Can SAQ eligibility criteria be used for determining applicability of PCI DSS requirements for assessments documented in a Report on Compliance?
-
Do PCI DSS requirements for keyed cryptographic hashing apply to previously hashed PANs?