FAQs

Featured

• What should an entity do if its PCI DSS v3.2.1 assessment will not be complete prior to that standard’s retirement date of 31 March 2024?
  
• How does an entity report the results of a PCI DSS assessment for new requirements that are noted in PCI DSS as best practices until a future date?
  
• Does an entity’s PCI DSS assessment result expire when the standard against which the entity was assessed is retired?
  

Most Popular

• What are acceptable formats for truncation of primary account numbers?
  
• How do I contact the payment card brands?
  

Most Recently Updated

• Can a Qualified Security Assessor (QSA) ask an auditor from the same company (for example, one conducting a SOC 2 or SOC 3 audit) to collect evidence for a PCI DSS assessment?
  
• Which version of PCI DSS should an entity use?
  
• What should an entity do if its PCI DSS v3.2.1 assessment will not be complete prior to that standard’s retirement date of 31 March 2024?