Have you been looking for more information on Single Use Virtual Credit Cards?

Mastercard published a Frequently Asked Questions (FAQ) document this year on these types of credit cards that includes the conditions under which they can be considered out of scope for PCI. Check it out here.

Below is the summary of the conditions that must be met to consider these types of credit cards out of scope for PCI DSS compliance, according to Mastercard:

“Two primary conditions must be met for a SU-VCN* to be considered out of scope for the PCI DSS:

      • It must be shown that the SU-VCN becomes inactive/disabled after only one authorization creating a single clearing record by technical control (must be met by a technological control that cannot be circumvented); AND

      • The systems that store, process, or transmit the SU-VCN do not also store, process, or transmit multi-use PANs.”

    *Single Use Virtual Card Numbers (SU-VCNs)

     

    PCI WEBINAR SERIES

    Preparing for Your Transition to PCI DSS v4.0 Webinar

    PCI DSS v3.2.1 expires on March 31, 2024. With 64 new requirements in PCI DSS v4.0, companies have a lot to consider in preparation for the coming deadline. In our 5-part PCI Webinar Series, from April 27 – June 1, 2023, learn about the general changes to 4.0, new requirements, best practices, and how an increased focus on risk evaluations in this new version will be a driving force for security and compliance.

    Join Viviana Wesley, CISM, PCI QSA, ISO 27001 Auditor and HALOCK Principal Consultant to review key updates and next steps to support your transition to PCI DSS v4.0.

     

    PCI DSS Requirements

    • PCI DSS Requirement 5.4.1: Anti-spoofing controls such as Domain-based Message Authentication, Reporting and Conformance (DMARC), Sender Policy Framework (SPF), and DomainKeys Identified Mail (DKIM) can help stop phishers from spoofing the entity’s domain and impersonating personnel.

     
