Frequently Asked Question

PCI SSC recognizes that there may be a need for PFIs to personalize the PFI Report Templates, such as adding a company logo or add rows for more detail. However, such changes must be limited per the following:

• Personalization, such as inclusion of corporate logos, must be limited to the title page of the document.
• The format and content of the PFI Report Templates must be maintained with no deletions — the only permitted format change is the addition of rows as needed to facilitate complete and accurate responses. Changes to the order or content of sections, reporting instructions, guidance notes or other static text are not permitted.
• Removal or omission of any static text, including section headers, guidance notes and instructions is prohibited. Where a section or requirement is determined to be not applicable, those sections and/or requirements must remain in the completed PFI reports with any "not applicable" results documented.
• The addition of content, such as legal verbiage or additional reporting, is allowed in a limited manner; such additional content/reporting sections should be treated as addendum sections that are attached at the end of the PFI Report following the appendices. If a PFI would like to include more information than they feel can be included in the allotted space, they must put an addendum reference in the report at the location where expansion is needed, and identify where (in the addendum) that data can be found. Additions of addendum content should be carefully considered, as the affected payment brand(s) have the right to reject such changes.
• PFIs must also ensure that any content added by the PFI is visually evident and discernable from the original PCI SSC Report Template. Any additional reporting must not be duplicated information, but rather, must be additional details that add context or clarification to the responses provided in the main body of the report.