Qualys PCI Compliance Release 6.3

January 20, 2026

With this release of PCI Compliance, we are introducing the following new feature(s) and enhancement(s).

OTP-based Verification

We have introduced an One Time Password (OTP-based) validation to enhance the security and reliability of password reset and user account activation processes. This improvement addresses issues where one-time activation or reset links were expiring prematurely due to email sanitization or other security mechanisms implemented by clients.

The OTP-based verification is available only for the bank and merchant users. The verification process is not updated for the PCI admin users.

Benefits of OTP-based Verification

  • Improved Reliability: Eliminates failures caused by email sanitization, ensuring users can complete activation and password reset without interruptions.
  • Enhanced Security: Adds an additional verification layer through OTP, reducing risks of unauthorized access.
  • Backward Compatibility: No changes required from customers; existing workflows remain intact with an added OTP step.

Workflow

  1. When a user initiates Forgot Password, Reset Password, or New User Activation, an email is sent with an OTP verification link.
  2. Click the link to generate a 6-digit OTP. The OTP verification window is opened, and the generated OTP is sent to your registered email ID.

    By default, the OTP is valid for 72 hours. The Super Admin user can change the OTP validity.

  3. Enter the OTP on OTP Verification page.
  4. Upon successful validation, the user is redirected to the credentials page. Save this page to a safe location for future reference.

Issues Addressed

The following important and notable issues are fixed in this release.

Category/Component Description
PCI Reporting The downloaded Vulnerabilities report was displaying misaligned data due to the incorrect merging of report columns. We fixed this issue by adding the missing column in the Vulnerabilities report.

Known Issues, Limitations, and Workarounds

There are no known issues or limitations for this release.

 

© 2026 Qualys, Inc. All rights reserved. Privacy Policy. Last updated: January, 2026