It is possible that web applications previously considered out-of-scope for PCI DSS could now be in-scope under PCI DSS v3. The impact of this could be significant depending on your existing card data environment (CDE). It has long been accepted practice that any component that stores, processes or transmits cardholder data is in scope for… Read more »