PCI Perspectives

A Message from PCI SSC Executive Director: The Board of Advisors Needs Your Vote

Posted by Lance J. Johnson on 9 Nov, 2018 in Board of Advisors and Participation

PCI SSC Participating Organizations, one of the best ways for you to ensure your issues and perspect... READ MORE

Vote Now for the 2019-2020 PCI SSC Board of Advisors

Posted by Laura K. Gray on 5 Nov, 2018 in Board of Advisors and Participation

From 5- 16 November 2018 the primary business contact for each Participating Organization and Afﬁlia... READ MORE

Dutch Payments Association: Payment Security and Collaboration in Europe

Posted by Laura K. Gray on 18 Oct, 2018 in Community Meetings and Interview and Participation

At the Europe Community Meeting in London this week, a panel of European industry associations and s... READ MORE

PCI Software Security Standards Coming Soon

Posted by Laura K. Gray on 17 Oct, 2018 in Community Meetings and Apps and Interview and PA-DSS and Participation and Software and Software Security Framework

PCI SSC is in the process of finalizing new PCI Security Standards for the secure design and develop... READ MORE

On Payment Security in Europe

Posted by Laura K. Gray on 16 Oct, 2018 in Community Meetings and 3DS and Interview and Participation and Small Merchant Resources

At the Europe Community Meeting in London this week International Director for Europe, Jeremy King, ... READ MORE

PCI DSS in Practice Case Study: AccorHotels and Vigitrust

Posted by Laura K. Gray on 15 Oct, 2018 in Case Study

AccorHotels needed a comprehensive multinational, multidimensional, and multicultural PCI Data Sec... READ MORE

What’s Next for PCI Card Production and Provisioning?

Posted by Laura K. Gray on 12 Oct, 2018 in Community Meetings and Interview and Card Production

What happens next with the PCI Card Production and Provisioning Standards? PCI SSC Chief Technology ... READ MORE

How Innovation is Changing Payment Security (and Standards)

Posted by Lindsay Goodspeed on 27 Sep, 2018 in Community Meetings and Participation and Interview and Point to Point Encryption (P2PE) and Small Merchant Resources

In this interview from the 2018 North America Community Meeting, we sit down with Chief Technology O... READ MORE

How Industry Collaboration and Feedback Shapes PCI SSC Programs

Posted by Lindsay Goodspeed on 27 Sep, 2018 in Community Meetings and Participation and Certification and QIR and QSA and SIGs

In his talk at the 2018 North America Community Meeting, COO Mauro Lance discusses how collaboration... READ MORE

State of the PCI Security Standards Council

Posted by Lindsay Goodspeed on 26 Sep, 2018 in Community Meetings and Participation and Board of Advisors

In his keynote address to the 2018 North America Community Meeting, Lance Johnson shares his vision ... READ MORE

Council CTO on Verizon’s 2018 Payment Security Report

Posted by Lindsay Goodspeed on 25 Sep, 2018 in BAU and Compliance and Community Meetings and PCI DSS and Point to Point Encryption (P2PE)

Verizon recently released its 2018 Payment Security Report. During North America PCI Community Meeti... READ MORE

What’s Next for the PCI P2PE Standard?

Posted by Lindsay Goodspeed on 21 Sep, 2018 in Point to Point Encryption (P2PE) and Request for Comments and Interview

What happens next with the PCI Point-to-Point Encryption (P2PE) Standard? PCI SSC Chief Technology... READ MORE

Help Secure Payment Data: PCI SSC Participation Opportunities

Posted by Laura K. Gray on 21 Sep, 2018 in Board of Advisors and Participation and PCI SSC and SIGs

The PCI Security Standards Council (PCI SSC) leads a global, cross-industry effort to increase pay... READ MORE

PCIP in Practice Case Study: Excentus

Posted by Laura K. Gray on 13 Sep, 2018 in Case Study and Training and PCI Professional

Excentus chose PCI Professional (PCIP) training and certification for its staff to help with forma... READ MORE

Helping Small Merchants Protect Payment Card Data

Posted by Lindsay Goodspeed on 30 Aug, 2018 in Community Meetings and Small Business and Small Merchant Resources

In this post, we get insights from Jenna Hutt, Retail Technology Specialist, Rocky Mountain Chocolat... READ MORE

Threats Facing Small Merchants: A New Tool to Help

Posted by Lindsay Goodspeed on 28 Aug, 2018 in Firewalls and PCI DSS and Small Business and Small Merchant Resources and SMB Series

Troy Leach, Chief Technology Officer of the PCI SSC discusses how the Council is helping small mer... READ MORE

ISA in Practice Case Study: Cafe Rio Mexican Grill

Posted by Laura K. Gray on 23 Aug, 2018 in Case Study and Training and Internal Security Assessor (ISA)

Looking for in-house PCI knowledge that would help the company stay in front of security requireme... READ MORE

Impact Payment Security Globally: Serve on the PCI SSC Board of Advisors

Posted by Laura K. Gray on 17 Aug, 2018 in Board of Advisors and PCI SSC and Participation

The Board of Advisors represents PCI Security Standards Council (PCI SSC) Participating Organization... READ MORE

Request for Comments: PCI 3DS SDK Security Standard v1.1

Posted by Laura K. Gray on 14 Aug, 2018 in 3DS and Mobile and Request for Comments and Participation

From 14 August to 28 August the PCI community, including Participating Organizations, 3-D Secure (3D... READ MORE

Final Request for Comments: Draft PCI Software Security Framework

Posted by Laura K. Gray on 31 Jul, 2018 in Apps and Software and PA-DSS and Participation and Request for Comments and Software Security Framework

From 31 July to 7 September, PCI SSC stakeholders are invited to review and provide final feedback o... READ MORE

PCI 3-D Secure Software Development Kit (3DS SDK) Program Now Available

Posted by Laura K. Gray on 27 Jul, 2018 in 3-D Secure and Apps and Interview and Software and Mobile

Today, the PCI SSC published documentation for vendors and labs to use in developing and evaluating ... READ MORE

Contactless Payments: PCI SSC on Plans to Develop Security Standard for Payment Acceptance on Merchant COTS Devices

Posted by Laura K. Gray on 28 Jun, 2018 in Interview and Mobile and Contactless

PCI SSC is in the beginning stages of developing a security standard for accepting contactless payme... READ MORE

Infographic: Patching

Posted by Laura K. Gray on 21 Jun, 2018 in Awareness and Infographic and QIR and Small Merchant Resources and Small Business and Vendors and Patching

The use of outdated and unpatched software is one of the leading causes of payment data breaches for... READ MORE

What Happens After 30 June 2018? New Guidance on Use of SSL/Early TLS

Posted by Laura K. Gray on 15 Jun, 2018 in PCI DSS and TLS/SSL and Guidance

Following the release of PCI DSS v3.2.1 to account for dates that have already passed, such as the 3... READ MORE

Video: Patching

Posted by Laura K. Gray on 13 Jun, 2018 in Awareness and QIR and Small Merchant Resources and Small Business and Video and Patching

Unpatched software is one of the leading causes of payment data breaches for businesses. READ MORE

Q&A with Community Meeting Speakers Sajal Islam and David McGregor

Posted by Lindsay Goodspeed on 24 May, 2018 in Interview and APAC and Community Meetings and Point to Point Encryption (P2PE) and PTS POI

Asia-Pacific Community Meeting speakers Sajal Islam, Audit Manager, UL, and David McGregor, Manager ... READ MORE

Infographic: Strong Passwords

Posted by Laura K. Gray on 22 May, 2018 in Awareness and Infographic and Passwords and QIR and Small Merchant Resources and Small Business and Vendors

The use of weak and default passwords is one of the leading causes of payment data breaches for busi... READ MORE

Q&A with Community Meeting Speaker Swati Sharma

Posted by Lindsay Goodspeed on 18 May, 2018 in Interview and APAC and Community Meetings and QSA

Asia-Pacific Community Meeting speaker Swati Sharma, QSA, CISSP, CISM discusses the payment securi... READ MORE

PCI DSS Now and Looking Ahead

Posted by Laura K. Gray on 17 May, 2018 in Interview and PCI DSS and TLS/SSL

Today the PCI SSC published a minor revision to the PCI Data Security Standard (PCI DSS) to account ... READ MORE

3 Things to Know About the PCI Software Security Framework in 2018

Posted by Laura K. Gray on 11 May, 2018 in Apps and Interview and PA-DSS and Software and Software Security Framework

As payments evolve, PCI SSC continues to evolve PCI Security Standards and programs for securing pay... READ MORE

Video: Strong Passwords

Posted by Laura K. Gray on 3 May, 2018 in Awareness and QIR and Passwords and Small Merchant Resources and Small Business and Video

The use of weak and default passwords is one of the leading causes of payment data breaches for busi... READ MORE

Infographic: Secure Remote Access

Posted by Laura K. Gray on 27 Apr, 2018 in Awareness and Multi-Factor Authentication and QIR and Remote Access and Infographic

Insecure remote access is one of the leading causes of payment data breaches for businesses. READ MORE

PCI Software-based PIN Entry on COTS Program Now Available

Posted by Laura K. Gray on 24 Apr, 2018 in Apps and Interview and Mobile and Software and SPoC

Earlier this year, the PCI SSC published the PCI Software-based PIN Entry on COTS (SPoC) Standard, w... READ MORE

New FAQs on Software-based PIN Entry on COTS

Posted by Laura K. Gray on 20 Apr, 2018 in Apps and Interview and Mobile and Software and SPoC

Earlier this year, the PCI SSC published the PCI Software-based PIN Entry on COTS (SPoC) Standard, w... READ MORE

Coming Soon: Minor PCI DSS Revision

Posted by Laura K. Gray on 18 Apr, 2018 in PCI DSS

A minor revision to the PCI Data Security Standard (PCI DSS) will be published next month. The new... READ MORE

PCI P2PE in Practice Case Study: Northwestern University and CardConnect

Posted by Laura K. Gray on 13 Apr, 2018 in Case Study and Point to Point Encryption (P2PE)

With a mission to enhance the level of transactional data security across every payment location o... READ MORE

Video: Secure Remote Access

Posted by Laura K. Gray on 9 Apr, 2018 in Awareness and Multi-Factor Authentication and QIR and Remote Access and Video and Small Merchant Resources

Insecure remote access is one of the leading causes of payment data breaches for businesses. READ MORE

ISACA Partners with PCI SSC to Provide Discount on Industry Certifications

Posted by Laura K. Gray on 5 Apr, 2018 in Certification and Interview and QSA

As introduced in August 2017, in 2019 the PCI SSC will increase the industry-recognized professional... READ MORE

4 Things to Know About PCI DSS in 2018

Posted by Laura K. Gray on 29 Mar, 2018 in PCI DSS and TLS/SSL

What happens next with the PCI Data Security Standard (PCI DSS)? Here we look at key updates and m... READ MORE

Share This: New Resources for Businesses on Payment Data Security Essentials - Featured Image

Q&A with Community Meeting Speaker Steve Marshall

Posted by Lindsay Goodspeed on 22 Mar, 2018 in Interview and APAC and BAU and Community Meetings and PCI Forensic Investigator (PFI) and QSA and MEAF

Community Meetings are hosted by the PCI Security Standards Council in locations around the world. READ MORE

Video: PCI SSC Updates Training and Certification Program for Integrators and Resellers

Posted by Laura K. Gray on 21 Mar, 2018 in Interview and Passwords and Patching and QIR and Remote Access and Breaches and Certification and Video

Watch this video with PCI SSC’s Chief Operating Officer on how training integrators and resellers ... READ MORE

The QIR Program is Changing: Here’s What You Need to Know

Posted by Lindsay Goodspeed on 14 Mar, 2018 in Interview and Passwords and Patching and QIR and Remote Access

The PCI SSC continually listens to feedback and adapts its standards and programs to meet evolving n... READ MORE

Webinar: SSL and Early TLS Migration: Preparing for 30 June Deadline

Posted by Laura K. Gray on 9 Mar, 2018 in Educational Resource and Awareness and PCI DSS and Encryption and Webinar and TLS/SSL

30 June 2018 is the deadline for disabling Secure Sockets Layer/early Transport Layer Security (SSL/... READ MORE

Request for Comments: PCI Software Security Standard Framework

Posted by PCI Security Standards Council on 6 Mar, 2018 in Request for Comments and Apps and PA-DSS and Participation and Software and Software Security Framework

From 6 March to 6 April, PCI SSC stakeholders have the opportunity to review and provide feedback ... READ MORE

PCI Software-based PIN Entry on COTS: Understanding New Test Requirements

Posted by Laura K. Gray on 26 Feb, 2018 in Apps and Interview and Mobile and Software and PTS POI and SPoC

Test Requirements are now available for the recently announced PCI Security Standard for software-ba... READ MORE

Resource Guide: Migrating from SSL and Early TLS

Posted by Laura K. Gray on 14 Feb, 2018 in Educational Resource and Awareness and PCI DSS and Encryption and Resource Guide and TLS/SSL

Is your organization still using Secure Sockets Layer (SSL)/early Transport Layer Security (TLS) pro... READ MORE

PCI Council Supports Data Privacy Day with Free Training

Posted by Lindsay Goodspeed on 25 Jan, 2018 in Awareness and Data Privacy Day and Passwords and Patching and QIR and Remote Access and Training

In support of Data Privacy Day, we’re offering FREE PCI Awareness training to the first 1,000 people... READ MORE

New PCI Software-Based PIN Entry on COTS Standard

Posted by Laura K. Gray on 24 Jan, 2018 in Apps and Interview and Mobile and Software and SPoC

The PCI SSC has announced a new PCI Security Standard for software-based PIN entry on commercial off... READ MORE

Now Accepting Applications for New Associate QSA Program

Posted by Laura K. Gray on 18 Jan, 2018 in QSA

As cybercriminals continue to target payments, cybersecurity skills are critically important to help... READ MORE

PCI Training for Merchants: Which Course is Right for You?

Posted by Laura K. Gray on 3 Jan, 2018 in Training and Awareness and Certification and PCI Professional

People are a critical part of keeping payment data safe and secure. READ MORE

Changes Coming to the QIR Program

Posted by Lindsay Goodspeed on 21 Dec, 2017 in Interview and Passwords and Patching and QIR and Remote Access

The PCI Security Standards Council (PCI SSC) is planning to restructure the Qualified Integrator and... READ MORE

Coming Soon: New PCI Software PIN-Entry on COTS Standard

Posted by Laura K. Gray on 19 Dec, 2017 in Apps and Interview and Mobile and Software and SPoC

The PCI Security Standards Council (PCI SSC) has been working with industry stakeholders to develop ... READ MORE

Request for Comments: PTS POI Standard

Posted by PCI Security Standards Council on 18 Dec, 2017 in Participation and Request for Comments and PTS POI

From 18 December 2017 to 17 January 2018, PCI SSC stakeholders have the opportunity to review and ... READ MORE

PCI DSS Dates to Remember

Posted by Laura K. Gray on 15 Dec, 2017 in PCI DSS and TLS/SSL

With 2018 come important PCI Data Security Standard (PCI DSS) dates to remember. New requirements ... READ MORE

What’s Next for the PCI Software Security Framework?

Posted by Laura K. Gray on 11 Dec, 2017 in Interview and Apps and PA-DSS and Software and Software Security Framework

In an earlier post, Securing Modern Payment Software with a New Software Security Framework, PCI S... READ MORE

PCI DSS and the Travel Industry

Posted by Laura K. Gray on 6 Dec, 2017 in Interview and PCI DSS and Hackers and Holidays and Small Merchant Resources

The International Air Transport Association (IATA) is now requiring that its accredited travel age... READ MORE

Preparing for Launch: Associate QSA Program

Posted by Laura K. Gray on 4 Dec, 2017 in QSA and PCI SSC and Interview

In March 2017 the PCI SSC announced plans to develop an Associate QSA program, as part of a broade... READ MORE

Guidance: Multi-Factor Authentication

Posted by Laura K. Gray on 1 Dec, 2017 in Educational Resource and Passwords and Remote Access and Guidance and Multi-Factor Authentication

Attackers continue to compromise valid user credentials to access company networks and steal payme... READ MORE

PCI SSC Associate Regional Director for Brazil on New Regional Engagement Board

Posted by Laura K. Gray on 21 Nov, 2017 in Participation

The PCI Security Standards Council (PCI SSC) justannounced it will establish a Brazil Regional Engag... READ MORE

PCI 3DS SDK Standard Now Available

Posted by Laura K. Gray on 20 Nov, 2017 in Mobile and Software and 3-D Secure

Following publication of the PCI 3DS Core Security Standard in October, the PCI SSC has published a ... READ MORE

PCI SSC Cryptography Expert on Triple DEA

Posted by Ralph Spencer Poore on 9 Nov, 2017 in Encryption and TLS/SSL and Approved Scanning Vendors

This article is intended to provide awareness and guidance on the use of Triple DEA (also known as... READ MORE

Serve on the first PCI SSC Brazil Regional Engagement Board: Nominate Now

Posted by Laura K. Gray on 3 Nov, 2017 in Participation

The first ever Regional Engagement Board is launching in Brazil in January 2018. READ MORE

FAQ: Can card verification codes/values be stored for card-on-file or recurring transactions?

Posted by Laura K. Gray on 2 Nov, 2017 in PCI DSS and FAQ

Did you know that the Frequently Asked Questions (FAQ) resource on the PCI SSC website is updated re... READ MORE

Strong Passwords: Payment Data Security Essential for SMBs

Posted by Laura K. Gray on 1 Nov, 2017 in Small Business and Small Merchant Resources and Cyber Security Awareness Month and QIR and Passwords

Passwords are essential for computer and payment data security. READ MORE

Payment Security in Brazil: New PCI SSC Regional Engagement Board

Posted by Laura K. Gray on 1 Nov, 2017 in Participation and Interview

The PCI Security Standards Council (PCI SSC) just announced the opening of the nomination period for... READ MORE

PCI and the Next Generation of Payment Security

Posted by Laura K. Gray on 26 Oct, 2017 in Community Meetings and 3-D Secure and Multi-Factor Authentication and Software and QIR and PCI DSS and Third Party Risk

PCI SSC Chief Technology Officer Troy Leach talked with PCI Europe Community Meeting attendees in Ba... READ MORE

Payment Security Insights from EUCM Speaker Michael Christodoulides

Posted by Lindsay Goodspeed on 25 Oct, 2017 in Interview and Community Meetings and BAU and Remote Access and Small Merchant Resources and Third Party Risk

In this post, we get insights from Michael Christodoulides CISM, CISA, CRISC, Vice President, Secu... READ MORE

Payment Security Insights with EUCM Speaker Gary Glover

Posted by Lindsay Goodspeed on 25 Oct, 2017 in Interview and Community Meetings and PCI DSS and QIR and QSA and Remote Access

In this post, we get insights from Gary Glover, CISSP, QSA, PA-QSA, CISA, Vice President of Assess... READ MORE

What to Know About the New PCI 3DS Core Security Standard

Posted by Laura K. Gray on 25 Oct, 2017 in Interview and Community Meetings and Apps and Mobile and Software and 3-D Secure and eCommerce

At this week’s PCI Europe Community Meeting in Barcelona, the PCI Security Standards Council (PCI... READ MORE

Payment Security Insights with EUCM Speaker Speaker Tracey Long

Posted by Lindsay Goodspeed on 25 Oct, 2017 in Interview and Community Meetings and Point to Point Encryption (P2PE)

In this post, we get insights from Tracey Long, Senior Payment Security PCI DSS Compliance Manager... READ MORE

Payment Security Insights with EUCM Speaker Jacob Ansari

Posted by Lindsay Goodspeed on 25 Oct, 2017 in Interview and Community Meetings and Malware and Passwords and Patching and Phishing and Remote Access and Skimming

In this post, we get insights from Jacob Ansari, QSA (P2PE), PA-QSA (P2PE), CISSP, Director at Sch... READ MORE

Payment Security Areas to Watch

Posted by Laura K. Gray on 24 Oct, 2017 in Community Meetings and Software and Encryption and IoT and Ransomware

PCI SSC Chief Technology Officer Troy Leach talked with PCI Europe Community Meeting attendees in Ba... READ MORE

Payment Security Insights with EUCM Speaker Chris Novak

Posted by Lindsay Goodspeed on 24 Oct, 2017 in Interview and Community Meetings and BAU

In this post, we get insights from Christopher Novak, Director, Investigative Response Verizon RIS... READ MORE

Request for Comments: PCI Software-Based PIN Entry on COTS Standard

Posted by PCI Security Standards Council on 23 Oct, 2017 in Participation and Request for Comments and Mobile and Software and SPoC

From 23 October to 20 November, PCI SSC stakeholders have the opportunity to review and provide feed... READ MORE

What to Know About the PCI Software-Based PIN Entry on COTS Standard

Posted by Laura K. Gray on 20 Oct, 2017 in Apps and Community Meetings and Interview and Mobile and Software and SPoC

The PCI Security Standards Council has been working with industry stakeholders to develop a security... READ MORE

Securing Modern Payment Software with a New Software Security Framework

Posted by Lindsay Goodspeed on 18 Oct, 2017 in PA-DSS and Cloud Security and Community Meetings and Interview and Software and Software Security Framework

Secure design and development of modern payment software is a key priority for the PCI SSC. READ MORE

Patching: Payment Data Security Essential for SMBs

Posted by Laura K. Gray on 18 Oct, 2017 in Small Business and Small Merchant Resources and Patching and Cyber Security Awareness Month and QIR

When businesses don’t apply software patches from vendors, they open themselves up to attacks, which... READ MORE

Vote Now for 2018 Special Interest Group Projects

Posted by Laura K. Gray on 17 Oct, 2017 in Participation and SIGs

From now through 31 October PCI SSC Participating Organizations are invited to vote on proposals for... READ MORE

Insecure Remote Access: Top Risk for SMBs

Posted by Laura K. Gray on 10 Oct, 2017 in Small Business and Small Merchant Resources and Cyber Security Awareness Month and Infographic and QIR and Remote Access and Third Party Risk

Recent attack trends show that hackers are beginning to move their focus to smaller merchants that h... READ MORE

Infographic: 3 Payment Data Security Essentials SMBs Shouldn’t Ignore

Posted by Laura K. Gray on 3 Oct, 2017 in Small Merchant Resources and Small Business and Educational Resource and Infographic and Passwords and Patching and Remote Access

Attacks on POS systems at brick-and-mortar businesses are on the rise, leading to costly payment d... READ MORE

Request for Comments: PCI Card Production and Provisioning ROCs

Posted by PCI Security Standards Council on 27 Sep, 2017 in Participation and Request for Comments

From 20 September to 20 October, PCI SSC stakeholders have the opportunity to review and provide fee... READ MORE

PCI in Japan: Training for Merchants and Assessors Supports PCI DSS Adoption

Posted by Laura K. Gray on 19 Sep, 2017 in PCI DSS and Training and APAC and QSA

The PCI Security Standards Council continues to work with stakeholders in Japan to help support PCI ... READ MORE

Locking Up Remote Access

Posted by PCI Security Standards Council on 15 Sep, 2017 in Multi-Factor Authentication and Point of Sale (POS) and QIR and Remote Access and Small Business and Software and Third Party Risk

An analysis of account data compromises found that insecure remote access is the #1 point of entry f... READ MORE

Feedback Period: PCI DSS and PA-DSS

Posted by PCI Security Standards Council on 8 Sep, 2017 in Participation and PCI DSS and PA-DSS and Request for Comments

From 6 September to 15 November, PCI SSC stakeholders have the opportunity to provide feedback on th... READ MORE

Council CTO on Verizon’s Payment Security Report

Posted by Lindsay Goodspeed on 31 Aug, 2017 in Small Merchant Resources and Small Business and Community Meetings and Compliance and BAU and QIR and Interview

Verizon recently released its 2017 Payment Security Report. In advance of the upcoming North America... READ MORE

Keeping up to Date with PCI DSS Dates

Posted by Gill Woodcock on 25 Aug, 2017 in PCI DSS and TLS/SSL and Multi-Factor Authentication and Scoping and Segmentation

In our previous post, we highlighted recommendations for preparing for the 30 June 2018 PCI Data Sec... READ MORE

What’s Next for the QSA Program?

Posted by Laura K. Gray on 23 Aug, 2017 in QSA and Interview and 3-D Secure

In March 2017 the PCI SSC announced plans to evolve the PCI Qualified Security Assessors (QSA) Pro... READ MORE

Request for Comments: PCI PIN Standard

Posted by PCI Security Standards Council on 21 Aug, 2017 in ATM Security and Participation and Point of Sale (POS) and PTS POI and QSA and Request for Comments

From 18 August to 18 September, PCI SSC stakeholders have the opportunity to review and provide feed... READ MORE

Associate QSA Program: Coming Soon

Posted by Laura K. Gray on 14 Aug, 2017 in QSA and PCI SSC and Interview

In March 2017 the PCI SSC announced plans to develop an Associate QSA certification program, as pa... READ MORE

FAQ: Is Two-Step Authentication Acceptable for PCI DSS Requirement 8.3?

Posted by Laura K. Gray on 11 Aug, 2017 in FAQ and PCI DSS and Multi-Factor Authentication and Remote Access and Passwords

Did you know that the Frequently Asked Questions (FAQ) resource on the PCI SSC website is updated ... READ MORE

PCI Special Interest Groups: Industry Collaboration at its Best

Posted by Laura K. Gray on 10 Aug, 2017 in Interview and SIGs and Participation

Special Interest Groups (SIGs) are community-driven initiatives that focus on payment security cha... READ MORE

Navigating your Path to Payment Security with the Prioritized Approach to PCI DSS

Posted by Lauren Holloway on 8 Aug, 2017 in PCI DSS and Prioritized Approach

Director of Data Security Standards Lauren Holloway discusses a roadmap organizations can use to m... READ MORE

What’s Next for PCI DSS?

Posted by Laura K. Gray on 3 Aug, 2017 in PCI DSS and Interview

PCI Data Security Standard (PCI DSS) version 3.2 was published in April 2016. In this blog post we... READ MORE

Reducing Risk: SSL/Early TLS Mitigation and Migration

Posted by Laura K. Gray on 28 Jul, 2017 in eCommerce and Patching and TLS/SSL and Awareness and PCI DSS and Encryption

Is your organization still using the SSL/early TLS protocols? Do you work with online and e-commer... READ MORE

The State of Payment Security in Brazil

Posted by Lindsay Goodspeed on 25 Jul, 2017 in Interview and Community Meetings and Malware and Events and ATM Security

Leading up to the Latin America Forum in São Paulo, Brazil, Associate Regional Director Carlos Cae... READ MORE

FAQ: How does Encrypted Cardholder Data Impact PCI DSS Scope?

Posted by Laura K. Gray on 21 Jul, 2017 in FAQ and PCI DSS and Scoping and Point to Point Encryption (P2PE) and Encryption

Did you know that the Frequently Asked Questions (FAQ) resource on the PCI SSC website is updated ... READ MORE

Demystifying the NESA

Posted by Laura K. Gray on 13 Jul, 2017 in Interview and Point to Point Encryption (P2PE) and Encryption and NESA

Point-to-Point Encryption (P2PE) technology makes data unreadable so it has no value to criminals ... READ MORE

Mobile Payment Acceptance: A Look at PCI’s New Software-Based PIN-Entry Initiative

Posted by Laura K. Gray on 10 Jul, 2017 in Interview and PTS POI and Software and Mobile and SPoC

The PCI Security Standards Council has been discussing with stakeholders plans for a new security ... READ MORE

Are You Ready for 30 June 2018? Saying Goodbye to SSL/early TLS

Posted by Laura K. Gray on 30 Jun, 2017 in TLS/SSL and eCommerce and Encryption and PCI DSS and Patching and Awareness

Is your organization still using the SSL/early TLS protocols? Do you work with online and e-commer... READ MORE

Industry Participation Critical to Payment Security

Posted by Mauro Lance on 20 Jun, 2017 in Awareness and Board of Advisors and Participation

At the PCI Security Standards Council (PCI SSC) one of our core values is participation. READ MORE

Resource Guide: Defending Against Phishing Attacks

Posted by Lindsay Goodspeed on 20 Jun, 2017 in Small Merchant Resources and Small Business and Educational Resource and Resource Guide and eCommerce and Phishing and Software

Hackers use phishing and other social engineering methods to target organizations with legitimate-... READ MORE

Council Adds Training to Bolster Secure Payment Application Installation

Posted by Lindsay Goodspeed on 1 Jun, 2017 in QIR and Interview and Training and Remote Access

In 2012 it was reported that 76% of data breaches were a result of security vulnerabilities introd... READ MORE

Consumers in Japan Push Businesses on Payment Security

Posted by Jeremy King on 31 May, 2017 in Breaches and APAC

For a nation at the forefront of technological innovation and adoption, consumers concerns about p... READ MORE

Infographic: It’s Time to Change your Password

Posted by Lindsay Goodspeed on 24 May, 2017 in Educational Resource and Infographic and Passwords

Passwords are critical for computer and payment data security. Just like a lock on the door protec... READ MORE

5 Questions with Swati Sharma

Posted by Lindsay Goodspeed on 12 May, 2017 in Interview and Community Meetings and QSA and TLS/SSL

Leading up to the Asia-Pacific Community Meeting in Bangkok, Thailand, speaker Swati Sharma, QSA, ... READ MORE

5 Questions with Chalee Vorakulpipat

Posted by Lindsay Goodspeed on 8 May, 2017 in Interview and Awareness and Community Meetings

Leading up to the Asia-Pacific Community Meeting in Bangkok, Thailand, keynote speaker Chalee Vora... READ MORE

Cybercrime challenges Asia-Pacific’s business landscape

Posted by Jeremy King on 2 May, 2017 in Breaches and PCI SSC and Hackers

Asia-Pacific is one of the leading regional hotspots for cybercrime. It’s been estimated that busi... READ MORE

Making the E-commerce Channel Safer

Posted by Lindsay Goodspeed on 26 Apr, 2017 in eCommerce and SIGs and Interview

The Council published Best Practices for Securing E-commerce which educates merchants on accepting... READ MORE

Hacking is an Industry – The Cybersecurity Skills Pipeline is not Strong Enough to Keep it at Bay

Posted by Mauro Lance on 25 Apr, 2017 in Hackers and Training and QSA

Hackers are proactive, relentless and constantly testing ways to exploit payment data for financia... READ MORE

Your Smart Home – A Hacker’s Playground?

Posted by Jeremy King on 18 Apr, 2017 in IoT and Breaches and PCI SSC

The truly smart home is closer than we think. A world where the toaster talks to the kettle, and t... READ MORE

Insights from a PCI Forensic Investigator

Posted by Laura K. Gray on 12 Apr, 2017 in PCI SSC and Interview and Breaches and PCI Forensic Investigator (PFI)

At the PCI Acquirer Forum in Las Vegas on 9 May, PCI Forensic Investigator (PFI) Tom Arnold, Payme... READ MORE

Making Payments Safer with PCI P2PE Solutions

Posted by Lindsay Goodspeed on 11 Apr, 2017 in Interview and Point to Point Encryption (P2PE)

Point-to-point encryption (P2PE) protects cardholder data from cybercriminals by encrypting data f... READ MORE

Infographic: Protecting your Payment Data from Malware

Posted by Lindsay Goodspeed on 10 Apr, 2017 in Small Merchant Resources and Small Business and Educational Resource and Infographic and Malware

Hackers use malicious code called malware (also called viruses) to break into computer systems and... READ MORE

Insights from the Verizon Data Breach Investigations Report

Posted by Lindsay Goodspeed on 29 Mar, 2017 in MEAF and Third Party Risk and Interview and Remote Access

In this post, we get insights from Chris Novak, Global Director of Verizon Enterprise Solutions. H... READ MORE

Minding the Cybersecurity Gap: New Associate QSA Program

Posted by Laura K. Gray on 29 Mar, 2017 in PCI SSC and Interview and QSA

At the PCI Middle East and Africa Forum in Cape Town, the PCI SSC announced plans to evolve the PC... READ MORE

Foregenix CEO on State of Payments in the African Region

Posted by Lindsay Goodspeed on 23 Mar, 2017 in Interview and MEAF and Point to Point Encryption (P2PE)

In this post, we get insights from Andrew Henwood CEO, Foregenix. He will present Local is Lekker:... READ MORE

Making a Global Impact: Shaping Payment Security in 2017

Posted by Laura K. Gray on 15 Mar, 2017 in Board of Advisors and Interview

The PCI Security Standards Council (PCI SSC) recently announced the election period for the next P... READ MORE

How the SHA-1 Collision Impacts Security of Payments

Posted by Lindsay Goodspeed on 14 Mar, 2017 in Guidance and PTS POI and Encryption

Recently, Google and CWI Institute in Amsterdam announced that they successfully created a “hash col... READ MORE

Resource Guide: Preventing Skimming Attacks

Posted by Lindsay Goodspeed on 6 Mar, 2017 in Small Merchant Resources and Small Business and Educational Resource and Resource Guide and ATM Security and Point of Sale (POS) and Skimming

“Skimming devices” sweep up your customers’ payment card data off the magnetic stripe when swiped ... READ MORE

Making a Global Impact: Cartes Bancaires

Posted by Laura K. Gray on 20 Feb, 2017 in Board of Advisors and Interview

The PCI Security Standards Council (PCI SSC) recently announced the nomination period for the next... READ MORE

Special Interest Group Q&A on E-Commerce Best Practices

Posted by Lindsay Goodspeed on 15 Feb, 2017 in SIGs and eCommerce

The Council just published Best Practices for Securing E-commerce which educates merchants on accept... READ MORE

Making a Global Impact: Wells Fargo

Posted by Laura K. Gray on 13 Feb, 2017 in Board of Advisors and Interview

The PCI Security Standards Council (PCI SSC) recently announced the nomination period for the next... READ MORE

Understanding New PCI Guidance on MFA

Posted by Laura K. Gray on 9 Feb, 2017 in PCI SSC and Multi-Factor Authentication and PCI DSS and Guidance and Interview and Passwords

Attackers continue to compromise valid credentials to access company networks and steal data. To h... READ MORE

Making a Global Impact: Ingenico

Posted by Laura K. Gray on 7 Feb, 2017 in Board of Advisors and Interview

The PCI Security Standards Council (PCI SSC) recently announced the nomination period for the next... READ MORE

Resource Guide: Defending Against Ransomware

Posted by Lindsay Goodspeed on 6 Feb, 2017 in Small Merchant Resources and Small Business and Educational Resource and Resource Guide and eCommerce and Malware and Ransomware and Software

Ransomware is the fastest growing malware threat. In a ransomware attack, criminals will infiltrat... READ MORE

Making a Global Impact: Barclaycard

Posted by Laura K. Gray on 1 Feb, 2017 in Board of Advisors and Interview

The PCI Security Standards Council (PCI SSC) recently announced the nomination period for the next... READ MORE

Council CTO on E-commerce Best Practices

Posted by Lindsay Goodspeed on 31 Jan, 2017 in SIGs and eCommerce and TLS/SSL

The Council just published Best Practices for Securing E-commerce which educates merchants on acce... READ MORE

What do new PCI DSS SAQ changes mean?

Posted by Laura K. Gray on 30 Jan, 2017 in PCI DSS

Self-Assessment Questionnaires (SAQ) are forms used by eligible organizations to report the result... READ MORE

Google Warns Users of Insecure Sites: What You Need to Know

Posted by Lindsay Goodspeed on 25 Jan, 2017 in SIGs and eCommerce and Small Business and TLS/SSL

By the end of January, Google will update its Chrome browser to warn users when a website that acc... READ MORE

Making a Global Impact: Worldpay

Posted by Laura K. Gray on 25 Jan, 2017 in Board of Advisors and Interview

The PCI Security Standards Council (PCI SSC) recently announced the nomination period for the next... READ MORE

3 Things To Know About Ransomware, Fast

Posted by Laura K. Gray on 24 Jan, 2017 in Data Privacy Day and Phishing and Hackers and Patching and Malware and Ransomware

In the spirit of Data Privacy Day and raising awareness around safeguarding data against cybercrim... READ MORE

Resource Guide: Tips to Protect Online Businesses from Cyberattack

Posted by Lindsay Goodspeed on 3 Jan, 2017 in Small Merchant Resources and Small Business and Educational Resource and Resource Guide and Malware and eCommerce and Passwords and Patching

Small and medium businesses are a growing target for cybercriminals. Using the internet, data thie... READ MORE

SMB Security Tips: Protect Your Business from the Internet

Posted by Laura K. Gray on 21 Dec, 2016 in Small Business and Small Merchant Resources and SMB Series and Breaches and Hackers

Small and medium businesses around the world are increasingly at risk for payment data theft. Near... READ MORE

SMB Security Tips: Devalue Your Payment Card Data

Posted by Laura K. Gray on 21 Dec, 2016 in Small Business and Small Merchant Resources and SMB Series and Breaches and Hackers

Small and medium businesses around the world are increasingly at risk for payment data theft. Near... READ MORE

SMB Security Tips: Check for Software “Bugs”

Posted by Laura K. Gray on 20 Dec, 2016 in Small Business and Small Merchant Resources and SMB Series and Breaches and Hackers

Small and medium businesses around the world are increasingly at risk for payment data theft. Near... READ MORE

SMB Security Tips: Fight Off Malware

Posted by Laura K. Gray on 19 Dec, 2016 in Small Business and Small Merchant Resources and SMB Series and Breaches and Hackers and Malware

Small and medium businesses around the world are increasingly at risk for payment data theft. Near... READ MORE

Assessor Viewpoint: Q&A on Scoping and Segmentation Guidance

Posted by Lindsay Goodspeed on 15 Dec, 2016 in Interview and Scoping and PCI DSS and Segmentation and Guidance

The Council just published new Guidance for PCI DSS Scoping and Network Segmentation to help clarify... READ MORE

SMB Security Tips: Don’t Leave the Door Open for Hackers

Posted by Laura K. Gray on 9 Dec, 2016 in Small Business and Small Merchant Resources and SMB Series and Breaches and Hackers and Remote Access

Small and medium businesses around the world are increasingly at risk for payment data theft. Near... READ MORE

Council CTO Discusses Scoping and Segmentation Guidance

Posted by Lindsay Goodspeed on 9 Dec, 2016 in Interview and Scoping and PCI DSS

The Council just published new Guidance for PCI DSS Scoping and Network Segmentation to help clarify... READ MORE

Worldpay: Fighting Back Against Fraud with PCI P2PE

Posted by Laura K. Gray on 30 Nov, 2016 in Point to Point Encryption (P2PE) and Small Merchant Resources and Interview and Small Business

Point-to-Point Encryption (P2PE) technology makes data unreadable so it has no value to criminals ev... READ MORE

SMB Security: 3 Steps To Protect Online Businesses Against Cybercrime

Posted by Elizabeth Terry on 29 Nov, 2016 in Small Business and Small Merchant Resources and SMB Series and Phishing and Passwords and Holidays and eCommerce and Breaches and Software and Hackers and Patching

With the holidays around the corner and with 57% of consumers shopping online (National Retail Fed... READ MORE

SMB Security Tips: Keep Hackers Out!

Posted by Laura K. Gray on 22 Nov, 2016 in Small Business and Small Merchant Resources and SMB Series

Small and medium businesses around the world are increasingly at risk for payment data theft. Near... READ MORE

P2PE: Assessing Non-listed Encryption Solutions

Posted by Laura K. Gray on 22 Nov, 2016 in Point to Point Encryption (P2PE)

Point-to-Point Encryption (P2PE) technology makes data unreadable so it has no value to criminals ... READ MORE

5 Questions with Community Meeting Speaker David Phister

Posted by Lindsay Goodspeed on 16 Nov, 2016 in Interview and Community Meetings and ATM Security

In this post, we get insights from David Phister, Diebold Nixdorf Product Management – Platform Se... READ MORE

SMB Security Tips: Vendor Security

Posted by Laura K. Gray on 10 Nov, 2016 in Small Business and Small Merchant Resources and SMB Series and Remote Access

Small and medium businesses around the world are increasingly at risk for payment data theft. Nearly... READ MORE

SMB Security Tips: There’s a Patch for That!

Posted by Laura K. Gray on 28 Oct, 2016 in Small Business and Small Merchant Resources and SMB Series and Patching

Small and medium businesses around the world are increasingly at risk for payment data theft. Nearly... READ MORE

Cyber Security Awareness Month: Building a Culture of Security

Posted by Lindsay Goodspeed on 28 Oct, 2016 in Cyber Security Awareness Month and BAU and PCI DSS and Interview and Small Business

As an Official Champion of National Cyber Security Awareness Month (NCSAM), the PCI Council will b... READ MORE

How Awareness Training Can Reduce Data Breach Costs

Posted by Lindsay Goodspeed on 27 Oct, 2016 in Cyber Security Awareness Month and Training and Awareness and Phishing and Interview

To mark Global Payment Security Education Week: 24-28 October 2016, the PCI Council is offering fr... READ MORE

5 Questions with Community Meeting Speaker Brian Hussey

Posted by Lindsay Goodspeed on 19 Oct, 2016 in Interview and Community Meetings

In this post, we get insights from Brian Hussey, Global Director of Incident Response & Readiness ... READ MORE

SMB Security Tips: Inspect and Protect

Posted by Laura K. Gray on 18 Oct, 2016 in Small Business and Small Merchant Resources and SMB Series

Small and medium businesses around the world are increasingly at risk for payment data theft. Near... READ MORE

5 Questions with Community Meeting Speaker Christopher Novak

Posted by Lindsay Goodspeed on 18 Oct, 2016 in Interview and Community Meetings and Small Business

In this post, we get insights from Christopher Novak, Director, Investigative Response, Verizon RI... READ MORE

5 Questions with Community Meeting Speaker Chris Strand

Posted by Lindsay Goodspeed on 17 Oct, 2016 in Interview and Community Meetings

In this post, we get insights from Chris Strand, Security and Risk Compliance Officer at Carbon Bl... READ MORE

How Company Culture Can Defend Against Cyber Attacks

Posted by Lindsay Goodspeed on 13 Oct, 2016 in Cyber Security Awareness Month and Small Business and Point to Point Encryption (P2PE) and Passwords and PCI DSS

As an Official Champion of National Cyber Security Awareness Month (NCSAM), the Council will be sh... READ MORE

Securing Account Data with Point-to-Point Encryption

Posted by Laura K. Gray on 12 Oct, 2016 in Point to Point Encryption (P2PE) and Interview

Point-to-Point Encryption (P2PE) is a critical technology for devaluing payment card data and prev... READ MORE

SMB Security Tips: If You Don’t Need It, Don’t Store It

Posted by Laura K. Gray on 10 Oct, 2016 in Small Business and Small Merchant Resources and SMB Series

Small and medium businesses around the world are increasingly at risk for payment data theft. Near... READ MORE

SMB Security Tips: The Power of the Password

Posted by Laura K. Gray on 7 Oct, 2016 in Passwords and Small Business and Small Merchant Resources and SMB Series

Small and medium businesses around the world are increasingly at risk for payment data theft. Near... READ MORE

Cyber Security Awareness Month: Phishing

Posted by Lindsay Goodspeed on 6 Oct, 2016 in Phishing and Community Meetings and Cyber Security Awareness Month

As an Official Champion of National Cyber Security Awareness Month (NCSAM), the Council will be sh... READ MORE

5 Questions with Community Meeting Speaker Beth O’Brien

Posted by Laura K. Gray on 19 Sep, 2016 in Interview and Community Meetings and Passwords

In this post, we get insights from Beth O’Brien, Principal Product Marketing Manager, RSA, The Sec... READ MORE

5 Questions with Community Meeting Speaker Peggy Nolan

Posted by Laura K. Gray on 16 Sep, 2016 in Interview and Community Meetings and SIGs

In this post, we get insights from Peggy Nolan Principal IT Compliance Analyst at Liberty Mutual G... READ MORE

5 Questions with Community Meeting Speaker Tim Rohrbaugh

Posted by Laura K. Gray on 14 Sep, 2016 in Interview and Community Meetings

In this post, we get insights from Tim Rohrbaugh, VP North America, ControlCase, along with Kishor... READ MORE

The North America Community Meeting Mobile App is Here!

Posted by Laura K. Gray on 14 Sep, 2016 in Community Meetings

The North America Community Meeting mobile app is a free and easy-to-use resource. Access the latest... READ MORE

5 Questions with Community Meeting Speaker Joseph Pierini

Posted by Laura K. Gray on 13 Sep, 2016 in Interview and Community Meetings and Penetration Testing and SIGs

In this post, we get insights from Joseph Pierini, Director of Technical Services at Payment Softw... READ MORE

5 Questions with Community Meeting Speaker Jacob Ansari

Posted by Laura K. Gray on 12 Sep, 2016 in Interview and Community Meetings and Compliance

In this post, we get insights from Jacob Ansari, Manager at Schellman & Company, Inc. He will pres... READ MORE

Amazon Web Services: Cloud Security and PCI DSS 3.2 Compliance

Posted by Laura K. Gray on 9 Sep, 2016 in Interview and Community Meetings and Cloud Security and PCI DSS

Cloud service provider Amazon Web Services (AWS) recently announced its successful adoption of the l... READ MORE

5 Questions with Greg Johnson

Posted by Laura K. Gray on 1 Sep, 2016 in Interview and Community Meetings and Passwords

In this post, we get insights from Greg Johnson, Vice President of business development at A-Lign. H... READ MORE

National Restaurant Association: The Bottom Line: Your Business is at Risk

Posted by Laura K. Gray on 26 Jul, 2016 in Interview and PCI DSS and Small Business

In this blog post we talk with the National Restaurant Association’s David Matthews, co-chair of the... READ MORE

Barclaycard: Simplifying payment security

Posted by Laura K. Gray on 19 Jul, 2016 in Interview and PCI DSS and Small Business

The PCI Security Standards Council (PCI SSC) Small Merchant Taskforce recently published a set of pa... READ MORE

Focusing on the Fundamentals: Payment Protection Resources for Small Businesses

Posted by Laura K. Gray on 7 Jul, 2016 in Interview and PCI DSS and Small Business

The Council has just published a set of payment data protection basics for small businesses. READ MORE

Assessor Viewpoint: Adopting PCI DSS 3.2, multi-factor authentication and more

Posted by Laura K. Gray on 1 Jun, 2016 in TLS/SSL and Interview and PCI DSS and Multi-Factor Authentication and Passwords

Following publication of PCI Data Security Standard version 3.2 (PCI DSS) we sat down with READ MORE

PA-DSS 3.2: What’s New?

Posted by Laura K. Gray on 27 May, 2016 in Interview and PCI DSS and PA-DSS and QIR and Remote Access

The Council has just released version 3.2 of the Payment Application Data Security Standard (PA-DSS)... READ MORE

PCI DSS 3.2: What’s New with SAQs

Posted by Laura K. Gray on 3 May, 2016 in TLS/SSL and Interview and PCI DSS

In our previous PCI DSS 3.2: What’s New? post, we outlined the key changes in the latest version of ... READ MORE

PCI DSS 3.2: What’s New?

Posted by Laura K. Gray on 28 Apr, 2016 in TLS/SSL and Interview and PCI DSS

With the ink barely dry on the newest version of the industry standard for payment data protection, ... READ MORE

Preparing for PCI DSS 3.2: Summary of Changes

Posted by Laura K. Gray on 19 Apr, 2016 in TLS/SSL and Interview and PCI DSS

In our earlier blog post Planning for PCI DSS 3.2: Key Dates, we outlined important dates and milest... READ MORE

SSL/Early TLS: Navigating Payment Application Validations

Posted by Brandy Cumberland on 11 Apr, 2016 in TLS/SSL and Interview

The removal of Secure Sockets Layer (SSL)/ early Transport Layer Security (TLS) as examples of sec... READ MORE

Why Become a PCI Professional? Here are 3 Good Reasons

Posted by Gill Woodcock on 8 Apr, 2016 in Guidance and Training and Awareness and PCI DSS and PCI Professional

If you are looking at the PCI Professional (PCIP) program you may be asking “What’s in it for me?” o... READ MORE

Planning for PCI DSS 3.2: Key Dates

Posted by Laura K. Gray on 31 Mar, 2016 in TLS/SSL and PCI DSS

In our Preparing for PCI DSS 3.2: What to Expect in 2016 blog post earlier this year, we outlined wh... READ MORE

ECPA and PCI: Collaborating on Global Payment Data Protection

Posted by Laura K. Gray on 22 Mar, 2016 in Interview

In this blog post we talk with International Director Jeremy King on how the European Card Payment A... READ MORE

Chris Novak: "Nobody is Immune from Breaches"

Posted by Laura K. Gray on 17 Mar, 2016 in Interview and Middle East

The PCI Security Standards Council will host the second Middle East Forum on 6-7 April 2016 in Dubai... READ MORE

SSL/Early TLS: Working with an ASV on Failed Scans

Posted by Laura K. Gray on 10 Mar, 2016 in TLS/SSL and Interview

In removing Secure Sockets Layer (SSL)/ early Transport Layer Security (TLS) as examples of secure e... READ MORE

Devaluing Data with Point-to-Point Encryption: 3 Tips for Merchants

Posted by Jeremy King on 4 Mar, 2016 in Point to Point Encryption (P2PE)

There are many points payment card data can be exposed as it travels through a merchant’s systems ... READ MORE

A View from the Middle East with Izdehar Safarini

Posted by Laura K. Gray on 2 Mar, 2016 in Interview and Middle East

The PCI Security Standards Council will host the second Middle East Forum on 6-7 April 2016 in Dubai... READ MORE

Preparing for PCI DSS 3.2: What to Expect in 2016

Posted by Laura K. Gray on 17 Feb, 2016 in TLS/SSL and Interview and PCI DSS

With the December 2015 bulletin extending the deadline for Secure Sockets Layer (SSL)/Early Transpor... READ MORE

Acquirers: The Acquirer Checklist Resource is Available for Download!

Posted by Brandy Cumberland on 5 Feb, 2016 in Acquirers

One exciting topic from our recent PCI Acquirer Forum conference call was the introduction of the op... READ MORE

Assessing and Reporting Against PCI DSS v3.1: The Impact of New Migration Dates for SSL and Early TLS

Posted by Emma Sutcliffe on 3 Feb, 2016 in TLS/SSL

On 18 December 2015 the Council extended the PCI Data Security Standard (PCI DSS) deadline for mig... READ MORE

It's Data Privacy Day! Awareness starts with you.

Posted by Linda Rudder on 28 Jan, 2016 in Training and Awareness

International Data Privacy Day is designed to raise awareness and promote best practices for protect... READ MORE

3 Ways to Protect Against Phishing Attacks in 2016

Posted by Laura K. Gray on 25 Jan, 2016 in Phishing

“Phishing” happens when cybercriminals use specially crafted, seemingly legitimate-looking emails ... READ MORE

Acquirers: There's a PCI Forum Just for You!

Posted by Laura K. Gray on 15 Jan, 2016 in Acquirers and Events

Merchants rely heavily on their acquiring banks to help them with their PCI security efforts. We und... READ MORE

A Closer Look: The PCI Forensic Investigator (PFI) Program

Posted by Gill Woodcock on 8 Jan, 2016 in PCI Forensic Investigator (PFI) and Training and Certification

Data breaches have been in the news a great deal lately, and in the event of a breach of cardholder ... READ MORE

PCI Changes Date for Migrating from SSL and Early TLS

Posted by Laura K. Gray on 5 Jan, 2016 in eCommerce and TLS/SSL

As noted in our initial post in December 2015, the Council officially extended the migration complet... READ MORE

TEST Security: Could You and Your Employees Pass a Security Awareness Test?

Posted by Laura K. Gray on 23 Dec, 2015 in Small Business and Holidays and Passwords

Our 12 Days of Tips series explores how small retailers can ACT now to repel data thieves during thi... READ MORE

TEST Security: Are You Using Tested Products and Vendors?

Posted by Laura K. Gray on 23 Dec, 2015 in Small Business and Holidays and Vendors and Remote Access and QIR and Point to Point Encryption (P2PE) and Validated Payment Applications

Our 12 Days of Tips series explores how small retailers can ACT now to repel data thieves during thi... READ MORE

TEST Security: Who’s Checking Your POS Device for Skimming?

Posted by Laura K. Gray on 23 Dec, 2015 in Small Business and Holidays and Skimming and Point of Sale (POS)

Our 12 Days of Tips series explores how small retailers can ACT now to repel data thieves during thi... READ MORE

TEST Security: Is Your Anti-Hacking Software Working?

Posted by Laura K. Gray on 23 Dec, 2015 in Software and Small Business and Holidays and Hackers and Malware and Patching

Our 12 Days of Tips series explores how small retailers can ACT now to repel data thieves during thi... READ MORE

CHECK Controls: Don’t Lose Your Business to a Bad Password!

Posted by Laura K. Gray on 22 Dec, 2015 in Small Business and Holidays and Passwords

Our 12 Days of Tips series explores how small retailers can ACT now to repel data thieves during thi... READ MORE

Be AWARE: Repelling Attacks by Killer Web Apps

Posted by Laura K. Gray on 22 Dec, 2015 in Small Business and Apps and Malware

Our 12 Days of Tips series explores how small retailers can ACT now to repel data thieves during thi... READ MORE

CHECK Controls: Using a Firewall to Block Attacks from the Internet

Posted by Laura K. Gray on 21 Dec, 2015 in Small Business and Holidays and Firewalls and Patching

Our 12 Days of Tips series explores how small retailers can ACT now to repel data thieves during thi... READ MORE

Date Change for Migrating from SSL and Early TLS

Posted by Laura K. Gray on 18 Dec, 2015 in eCommerce and TLS/SSL

The Payment Card Industry Security Standards Council (PCI SSC) is extending the migration completion... READ MORE

Be AWARE: Restricting Unauthorized Access

Posted by Laura K. Gray on 17 Dec, 2015 in Small Business and Holidays and Apps and Remote Access and QIR

Our 12 Days of Tips series explores how small retailers can ACT now to repel data thieves during thi... READ MORE

CHECK Controls: Plugging Security Holes with Patching

Posted by Laura K. Gray on 17 Dec, 2015 in Small Business and Holidays and Patching and Approved Scanning Vendors and QIR

Our 12 Days of Tips series explores how small retailers can ACT now to repel data thieves during thi... READ MORE

CHECK Controls: Protecting Cardholder Data with Encryption

Posted by Laura K. Gray on 15 Dec, 2015 in Small Business and Point to Point Encryption (P2PE) and Holidays

Our 12 Days of Tips series explores how small retailers can ACT now to repel data thieves during thi... READ MORE

New PCI SSC Blog: PCI Perspectives

Posted by Laura K. Gray on 11 Dec, 2015 in Welcome

It’s official. We’re launching a blog! What does that mean for you? READ MORE

Be AWARE: Malware Is One Gift You Don’t Want This Holiday!

Posted by Laura K. Gray on 11 Nov, 2015 in Software and Small Business and Holidays and Malware and Patching

Our 12-post series explores how small retailers can ACT now to repel data thieves during this prime ... READ MORE

Be AWARE: How “Skimmers” Steal Payment Card Data

Posted by Laura K. Gray on 9 Nov, 2015 in Small Business and Holidays and Skimming

Our 12-post series explores how small retailers can ACT now to repel data thieves during this prime ... READ MORE

ACT now to get ahead of the holiday hacker season!

Posted by Laura K. Gray on 6 Nov, 2015 in Small Business and Holidays

Small Business: You are the prime holiday target for computer hackers! Why should you be concerned? READ MORE

Assessor Viewpoint: On PCI Point-to-Point Encryption (P2PE) Solutions

Posted by Dr. Stephan Engelke on 5 Nov, 2015 in Point to Point Encryption (P2PE)

Many merchants face issues in becoming PCI Data Security Standard (DSS) compliant and maintaining th... READ MORE

Thoughts from the PCI Community Meeting

Posted by Rob Sadowski, RSA on 5 Oct, 2015 in Community Meetings

The annual Community Meetings are the best way for anyone who has a stake in payment security to tak... READ MORE

Collaboration: the Word of the Week

Posted by Kelly Funk on 3 Oct, 2015 in Community Meetings

Who would have thought that a pilot, a journalist, numerous industry experts and myself would all se... READ MORE

The Endgame: Devaluing the Data Infographic

Posted by Laura K. Gray on 30 Sep, 2015 in Infographic and Community Meetings

“Let’s talk about our endgame. It’s about devaluing the data.” That’s how General Manager Stephen Or... READ MORE

New Guidance: Responding to a Data Breach

Posted by Laura K. Gray on 29 Sep, 2015 in Breaches and Guidance and Community Meetings

For any organization connected to the internet, it is not a question of if but when their business w... READ MORE

Mobile App: A Convenient Resource At Your Fingertips

Posted by Linda Rudder on 22 Sep, 2015 in Community Meetings

It’s the Community Meeting Mobile App – and it’s simple to use! With this resource, you can access t... READ MORE

How Blockchain Technology Offers Improvements to Payment Security

Posted by Laura K. Gray on 22 Sep, 2015 in Community Meetings

In this post, we get insights from Ashok Misra, CISSP, Founder at Alina Consultants. He will present... READ MORE

Training Opportunities at the Community Meetings

Posted by Linda Rudder on 3 Sep, 2015 in Training and Community Meetings

You already know the PCI SSC Community Meetings are a unique opportunity to get the latest technolog... READ MORE

Myths and Realities of PCI DSS Compliance in the Cloud

Posted by Laura K. Gray on 24 Aug, 2015 in Community Meetings

In this post, we get insights from Eric Naiburg, Director of Marketing at INetU. He will present in ... READ MORE

City of Calgary: The Big Picture of PCI DSS Compliance

Posted by Laura K. Gray on 20 Aug, 2015 in Community Meetings

In this blog post, we get insights from Lynda Daniluk, PCI Coordinator at the City of Calgary. She w... READ MORE