Frequently Asked Questions

< Back to search page

What is meant by “non-consumer users” in PCI DSS Requirement 8?

FAQ Response

PCI DSS Requirement 8 addresses secure authentication requirements and requires that all passwords and other authentication credentials be securely managed. These requirements apply to all non-consumer users and administrators. The term “non-consumer user” refers to all individuals, excluding cardholders, who access system components, including employees, administrators, and third parties.

May 2014
Article Number 1067

What are acceptable formats for truncation of primary account numbers?

How does encrypted cardholder data impact PCI DSS scope for third-party service providers?

Does a QSA need to be onsite at the client’s premises for all aspects of a PCI DSS assessment?

If a merchant develops an application that runs on a consumer’s device (e.g. smartphone, tablet, or laptop) that is used to accept payment card data, what are the merchant’s obligations regarding PCI DSS and PA-DSS for that application?

How does encrypted cardholder data impact PCI DSS scope?

Frequently Asked Questions

What is meant by “non-consumer users” in PCI DSS Requirement 8?

Related Articles