Frequently Asked Questions
Featured FAQ Articles
Featured
- Can SAQ eligibility criteria be used for determining applicability of PCI DSS requirements for assessments documented in a Report on Compliance?
- Do PCI DSS requirements for keyed cryptographic hashing apply to previously hashed PANs?
- Is the PCI DSS Attestation of Compliance intended to be shared?
- How does an entity report the results of a PCI DSS assessment for new requirements that are noted in PCI DSS as best practices until a future date?
- Where do I direct questions about complying with PCI standards?
Most Popular
- Does TDEA meet the requirements of “strong cryptography” as defined in PCI DSS?
- What is the meaning of “initial PCI DSS assessment”?
- What should an entity do if its PCI DSS v3.2.1 assessment will not be complete prior to that standard’s retirement date of 31 March 2024?
- What are acceptable formats for truncation of primary account numbers?
- How do I contact the payment card brands?
Most Recently Updated
- What is meant by ‘at risk’ and ‘at-risk timeframe’ referenced in the Final PFI Report?
- Does PCI SSC consider guidance from other standards organizations when making updates to PCI standards?
- Can entities be PCI DSS compliant if they have performed vulnerability scans at least once every three months, but do not have four “passing” scans?
- Which PCI standards apply to card manufacturers, embossers, card personalizers, or entities that prepare data for card manufacturing?