General

Accessing the online portal

• How does the online portal work and what do I need to do?
• What do I need to log into the PCI DSS portal?
• Username and password recovery
• What is an "Authenticator App" and how do I use it to set up multi-factor authentication ~MFA?
• How do I set up Multi-Factor Authentication on the portal?
• How do I disable Multi-Factor Authentication (MFA) on the online portal?

Using the online portal

• How do I add users to my account?
• How can I upload documents to the PCI portal?
• How does the online portal help me report my compliance with the PCI DSS?
• How do I download PCI DSS documents from the online portal?
• How do I upload a valid Attestation of Compliance (AOC)?

Compliance scanning on the portal

• How do I manage monthly recurring scans if I have a static IP?
• Do I have to run an External Vulnerability Scan (ASV scan) on my website?
• I take payments on my website, how do I scan my website? (External Vulnerability Scan for compliance).
• How do I scan my business network? (External Vulnerability Scan for compliance).
• How do I run an ASV scan via the online portal?
• How will I know when the scan has finished?

See all 10 articles

Essential documents

• What is an Information Security Policy (ISP) and why do I need one?
• What is an Incident Response Plan, why do I need one?
• What is a data retention policy and why do I need one?
• Why do I need a documented list of all services and ports?
• What is a Network Diagram?

Security information for your software, devices and networks

• What are change detection mechanisms and why are they important?
• What is Multi-factor Authentication?
• Why does everyone in my business need their own ID and password when accessing systems and devices?
• What Does "Restrict Access by Business Need" Mean?
• What are strong access control measures, and what do I need to do?
• Why do I have to install vendor updates and patches?

See all 14 articles

Network - technical set up and monitoring

• Why do I need to regularly test security systems and processes?
• Why do I need to regularly monitor and test networks?
• What is a server?
• What does isolation or segmentation mean on a network?
• What is automated monitoring?
• What is Virtualization Technology?

Risk reduction

• How can you reduce your risk of data breaches?
• Are you using devices that captures and stores card information?
• Is your card terminal connected to other systems?
• Are your third-party service providers PCI DSS compliant?
• Are you receiving card information by email?
• Are you manually re-entering card data from one system into another?

See all 14 articles

Glossary

• Glossary Q-W
• Glossary L-P
• Glossary D-I
• Glossary A-C
• Important Acronyms

General information

• What is sensitive data according to the PCI DSS
• What information should I need to know/have to hand for completing PCI online?
• What is the PCI DSS and who does it apply to?
• What is PCI Level 4?
• Why do I need to restrict physical access to cardholder data?
• Can I store cardholder data or payment card numbers?

See all 10 articles

Self-Assessment Questionnaire (SAQ)

• How you accept card payments determine your self assessment questionnaire.