PCI Perspectives

Part One: Conceptual Differences Between SSF and PA-DSS

Posted by Alicia Malone on 2 Aug, 2021 in Software and Training and Awareness and Vendors and Interview and PA-DSS and PCI SSC and Software Security Framework

To assist stakeholders in their migration from PA-DSS to the Software Security Framework, PCI Securi... READ MORE

Transition to Version 1.1 for New Secure SLC and Secure Software Submissions

Posted by Alicia Malone on 30 Jul, 2021 in Software and Awareness and Software Security Framework

With the release of the Secure Software Lifecycle (“Secure SLC”) Standard v1.1 in February 2021 and ... READ MORE

Back-to-Basics: Use Strong Passwords

Posted by Mark Meissner on 27 Jul, 2021 in Software and Small Business and eCommerce and Breaches and Guidance and Patching and Hackers and Awareness and Vendors and Small Merchant Resources and SMB Series and BAU and COVID-19 and Back to Basics

As small and medium businesses begin to re-open following the pandemic, it’s important to do so se... READ MORE

Paving the way: Inspiring Women in Payments - A podcast featuring Marie Babineau

Posted by Alicia Malone on 22 Jul, 2021 in Interview and PCI SSC and Women in Payments

There was once a time when Marie Babineau felt she had to pretend to be one of the boys in order t... READ MORE

Request for Comments: PCI Card Production and Provisioning v3 Draft Standard

Posted by Lindsay Goodspeed on 21 Jul, 2021 in Participation and Request for Comments and Card Production

From 21 July to 20 August, PCI SSC stakeholders can participate in a Request for Comments (RFC) on P... READ MORE

Back-to-Basics: Reduce Where Payment Data Can Be Found

Posted by Lindsay Goodspeed on 20 Jul, 2021 in Software and Small Business and eCommerce and Breaches and Guidance and Patching and Hackers and Awareness and Vendors and Small Merchant Resources and SMB Series and BAU and COVID-19 and Back to Basics

As small and medium businesses begin to re-open following the pandemic, it’s important to do so se... READ MORE

PCI SSC Shares Resources for Navigating Changing Payment Environments

Posted by Lance J. Johnson on 13 Jul, 2021 in Software and Small Business and eCommerce and Breaches and Guidance and Patching and Hackers and Awareness and Vendors and Small Merchant Resources and SMB Series and BAU and COVID-19 and Back to Basics

Greetings to our PCI SSC stakeholder community! With 2021 half done, I wanted to take this opportu... READ MORE

Paving the way: Inspiring Women in Payments - A Q&A featuring Lacey Johnson

Posted by Alicia Malone on 6 Jul, 2021 in Interview and PCI SSC and Women in Payments

From Human Resources to IT Senior Program Manager, Lacey Johnson found her way to the payments ind... READ MORE

Request for Comments: PCI DSS v4.0 Draft Validation Documents

Posted by Lindsay Goodspeed on 28 Jun, 2021 in PCI DSS and Participation and Request for Comments and PCI DSS v4.0

From 28 June to 28 July, PCI SSC stakeholders can participate in a Request for Comments (RFC) on a d... READ MORE

Guidance: How PCI DSS Requirements Apply to WFH Environments

Posted by Lauren Holloway on 25 Jun, 2021 in PCI DSS and Remote Access and COVID-19

PCI DSS requirements may apply to work-from-home (WFH) environments in different ways, depending o... READ MORE

Request for Comments: PTS HSM Modular Security Requirements

Posted by Lindsay Goodspeed on 24 Jun, 2021 in Request for Comments and PTS HSM

From 24 June to 26 July 2021, PCI SSC stakeholders are invited to review and provide feedback on t... READ MORE

 New Training: Work from Home Security Awareness

Posted by Lindsay Goodspeed on 23 Jun, 2021 in Small Business and Training and Awareness and Interview and COVID-19

The COVID-19 pandemic has forever changed how companies and employees view working from home. It i... READ MORE

Paving the way: Inspiring Women in Payments - A Q&A featuring Sherri Collis

Posted by Alicia Malone on 22 Jun, 2021 in Interview and PCI SSC and Women in Payments

Sherri Collis spent most of her career as the lone female in the conference room, occupying roles ... READ MORE

Updated PCI DSS v4.0 Timeline

Posted by Lindsay Goodspeed on 17 Jun, 2021 in PCI DSS and PCI DSS v4.0

To follow up on an earlier communication, PCI SSC is now targeting a Q1 2022 publication date for ... READ MORE

Combating Against Malware Attacks: A Perspective from Brazil

Posted by Mark Meissner on 10 Jun, 2021 in Software and eCommerce and Breaches and Patching and Passwords and Malware and Hackers and Awareness and Vendors and PCI DSS and PA-DSS and Third Party Risk

PCI Security Standards Council (PCI SSC) and the Brazilian Association of Credit Card and Services... READ MORE

Paving the way: Inspiring Women in Payments - A podcast featuring Carey Ferro

Posted by Alicia Malone on 8 Jun, 2021 in Interview and PCI SSC and Women in Payments

Carey Ferro credits much of her success to having a healthy sense of curiosity. Asking questions a... READ MORE

New: Promote Your PCI SSC Certification with a Digital Badge

Posted by Lindsay Goodspeed on 4 Jun, 2021 in Training and Certification

The PCI SSC offers a range of  training and certification programs to support businesses in their ... READ MORE

Payment Security in India: A Discussion with Stakeholders

Posted by Mark Meissner on 3 Jun, 2021 in Interview and India

The PCI Security Standards Council (PCI SSC) Security Summit of India, an online event took place ... READ MORE

The Future of PCI SSC Mobile Standards

Posted by John Markh on 1 Jun, 2021 in Mobile and SPoC and Contactless

The Council is currently working on the next evolution of its mobile security standards. To date, ... READ MORE

Just published: SPoC Unsupported Operating Systems Annex

Posted by Alicia Malone on 20 May, 2021 in Mobile and SPoC and PIN Security Standard

The PCI Security Standards Council (PCI SSC) has published a new, optional, Software-based PIN Ent... READ MORE

Paving the way: Inspiring Women in Payments - A Q&A featuring Neha Abbad

Posted by Alicia Malone on 19 May, 2021 in Interview and PCI SSC and Women in Payments

Just prior to the onset of the COVID-19 pandemic in India, Neha Abbad got an opportunity to work a... READ MORE

Request for Comments: P2PE v3.1 Draft Standard

Posted by Lindsay Goodspeed on 18 May, 2021 in Point to Point Encryption (P2PE) and Participation and Request for Comments

P2PE Assessors and Participating Organizations are invited to provide feedback on the draft P2PE v... READ MORE

New Technical FAQs for PCI 3DS Security Standards

Posted by Lindsay Goodspeed on 17 May, 2021 in Mobile and 3DS

PCI SSC Sr. Manager Jake Marcinko discusses the two newly published PCI 3DS Core and 3DS SDK Techn... READ MORE

E-commerce Payment Security: A Perspective from Brazil

Posted by Mark Meissner on 11 May, 2021 in eCommerce and Interview and Brazil

It has been more than a year since the outbreak of the COVID-19 global pandemic which has had a si... READ MORE

Paving the way: Inspiring Women in Payments - A podcast featuring Anna-Magdalena Kohl

Posted by Alicia Malone on 3 May, 2021 in Interview and PCI SSC and Women in Payments

She started out pursuing a career in Human Resources, but soon learned it wasn’t the right fit. Wh... READ MORE

New Terminal Software Module Introduced in PCI Secure Software Standard Version 1.1

Posted by Alicia Malone on 29 Apr, 2021 in Software and Training and Awareness and Vendors and PA-DSS and PTS POI and Software Security Framework

Today, the PCI Security Standards Council (PCI SSC) published version 1.1 of the PCI Secure Softwa... READ MORE

Payment Security in South Africa: A Discussion with Stakeholders

Posted by Mark Meissner on 22 Apr, 2021 in Events and Interview and PCI SSC

The PCI SSC Security Summit of South Africa, an online event took place this week with more than 3... READ MORE

Q&A on the Optional P2PE Solution Inventory Template

Posted by Lindsay Goodspeed on 21 Apr, 2021 in Point to Point Encryption (P2PE) and Interview and Encryption

Point-to-Point Encryption (P2PE) technology makes data unreadable so it has no value to criminals ... READ MORE

Paving the way: Inspiring Women in Payments - A Q&A featuring Sarah Lambert

Posted by Alicia Malone on 20 Apr, 2021 in Interview and PCI SSC and Women in Payments

Sarah Lambert knows that exposure to technology at an early age can make all the difference in whe... READ MORE

Paving the way: Inspiring Women in Payments - A podcast featuring Noel Haskins-Hafer

Posted by Alicia Malone on 12 Apr, 2021 in Interview and PCI SSC and Women in Payments

With a background in Russian language and literature, Noel Haskins-Hafer might have seemed like an... READ MORE

Educate Your Whole Team with Corporate Group Training Classes

Posted by Alicia Malone on 31 Mar, 2021 in Training and Awareness and Certification and Interview

Through Corporate Group Training, the PCI Security Standards Council (PCI SSC) offers a great way to... READ MORE

Reduced Certification Requirements for PA-QSA Secure Software Assessor Candidates until 30 June 2021

Posted by Alicia Malone on 30 Mar, 2021 in Software and Point to Point Encryption (P2PE) and Training and Awareness and Certification and Vendors and PA-DSS and QSA and Software Security Framework

When the Payment Application Data Security Standard (PA-DSS) v3.2 closes on 28 October 2022, it will... READ MORE

Paving the way: Inspiring Women in Payments - A podcast featuring Global Payments

Posted by Alicia Malone on 23 Mar, 2021 in Interview and PCI SSC and Women in Payments

In recognition of Women’s History Month, the PCI Security Standards Council is pleased to bring yo... READ MORE

Paving the way: Inspiring Women in Payments - A Q&A featuring Cindy vanBree

Posted by Alicia Malone on 15 Mar, 2021 in Interview and PCI SSC and Women in Payments

She’s been recognized by U.S. agency heads for her award-winning contributions to national securit... READ MORE

Just Released: Version 3.1 of the PCI PIN Security Standard

Posted by Lindsay Goodspeed on 12 Mar, 2021 in PIN Security Standard

Today, the PCI SSC published a minor revision to the PCI PIN Security Requirements and Testing Pro... READ MORE

Paving the way: Inspiring Women in Payments - A podcast featuring Natasja Bolton

Posted by Alicia Malone on 4 Mar, 2021 in Interview and PCI SSC and Women in Payments

With more than 20 years in the technology industry, Natasja Bolton’s experience has largely been a... READ MORE

PCI DSS v4.0 Timeline Updated to Support an Additional RFC

Posted by Lindsay Goodspeed on 26 Feb, 2021 in PCI DSS and Request for Comments and PCI DSS v4.0

Industry feedback is fundamental to the evolution of the PCI Data Security Standard (PCI DSS). Bec... READ MORE

Paving the way: Inspiring Women in Payments - A Q&A featuring Jen Stone

Posted by Alicia Malone on 22 Feb, 2021 in Interview and PCI SSC and Women in Payments

She was a single mom with three kids in daycare, no child support, and a job as an executive assis... READ MORE

PCI Secure SLC Program Expands Vendor Eligibility with Version 1.1

Posted by Alicia Malone on 18 Feb, 2021 in Software and Training and Awareness and Vendors and PA-DSS and Software Security Framework

Today, the PCI Security Standards Council (PCI SSC) published version 1.1 of the PCI Secure Software... READ MORE

Paving the way: Inspiring Women in Payments - A podcast featuring Angel Grant

Posted by Alicia Malone on 10 Feb, 2021 in Interview and PCI SSC and Women in Payments

When she’s not perfecting her lock-picking skills, Angel Grant is busy building a diverse team who... READ MORE

Request for Comments: PTS HSM Security Requirements v4.0

Posted by Lindsay Goodspeed on 9 Feb, 2021 in Participation and Request for Comments and PTS HSM

PTS Vendors who are Participating Organizations and PCI Recognized labs are invited to review and ... READ MORE

Paving the way: Inspiring Women in Payments - A Q&A featuring Sheryl Benedict

Posted by Alicia Malone on 29 Jan, 2021 in Interview and PCI SSC and Women in Payments

After seeing the 1983 film WarGames as a child, Sheryl Benedict became fascinated by computer tech... READ MORE

PCI SSC Executive Director Discusses New Board and 2021 Priorities

Posted by Lance J. Johnson on 28 Jan, 2021 in Awareness and Interview and PCI DSS and Board of Advisors and Participation and Mobile and Software Security Framework and PCI DSS v4.0

With the start of a new year, PCI SSC Executive Director Lance Johnson welcomes the new 2021-2022 Bo... READ MORE

PCI SSC Announces 2021 Special Interest Group Election Results

Posted by Alicia Malone on 27 Jan, 2021 in Guidance and SIGs and Participation

Following its annual Special Interest Group (SIG) election process, the PCI Security Standards Cou... READ MORE

Paving the way: Inspiring Women in Payments - A podcast featuring Nicole Braun

Posted by Alicia Malone on 20 Jan, 2021 in Interview and PCI SSC and Women in Payments

At times, Nicole Braun was the only female Qualified Security Assessor (QSA) in the entire country... READ MORE

Request for Comments: SPoC Unsupported Operating Systems Annex

Posted by Alicia Malone on 6 Jan, 2021 in Participation and Mobile and Request for Comments and SPoC and PIN Security Standard

From 6 January 2021 to 4 February 2021, PCI SSC stakeholders can participate in a Request for Comm... READ MORE

A Q&A with Gill Woodcock, VP, Global Head of Programs

Posted by Alicia Malone on 8 Dec, 2020 in Interview and PCI SSC and Women in Payments

After more than 10 years at PCI Security Standards Council (PCI SSC), Gill Woodcock, VP, Global He... READ MORE

Vote Now for 2021 Special Interest Group Projects

Posted by Alicia Malone on 23 Nov, 2020 in Guidance and SIGs and Participation

From now through 21 December 2020, PCI SSC Participating Organizations are invited to vote on prop... READ MORE

SAFECode and PCI SSC Discuss the Evolution of Secure Software

Posted by Alicia Malone on 20 Nov, 2020 in Software and Guidance and Awareness and Interview and PCI DSS and PA-DSS and PCI SSC and Third Party Risk and Software Security Framework

When the PCI Security Standards Council (PCI SSC) developed its Software Security Framework (SSF) a ... READ MORE

Payment Security in India: 2020 India Forum

Posted by Mark Meissner on 19 Nov, 2020 in Small Business and PCI Forensic Investigator (PFI) and eCommerce and Breaches and Training and Events and Awareness and Interview and Board of Advisors and PCI SSC and QSA and Participation and India

As Associate Director for India, Nitin Bhatnagar is responsible for driving awareness and adoption o... READ MORE

How to Successfully Transition Software from PA-DSS to the PCI Secure Software Standard

Posted by Alicia Malone on 11 Nov, 2020 in Software and Training and Acquirers and Vendors and Interview and PA-DSS and QSA and Software Security Framework

On 28 October 2022, the Payment Application Data Security Standard (PA-DSS) program will officially ... READ MORE

A Message from PCI SSC Executive Director Lance Johnson: Vote for the 2021-2022 Board of Advisors

Posted by Lance J. Johnson on 9 Nov, 2020 in Board of Advisors and Participation

Every two years we ask PCI SSC Participating Organizations to nominate candidates and then vote to e... READ MORE

Request for Comments: PCI Card Production v3 Draft Standard

Posted by Lindsay Goodspeed on 6 Nov, 2020 in Participation and Request for Comments and Card Production

From 2 November to 1 December 2020, PCI SSC stakeholders can participate in a Request for Comments... READ MORE

Women in Payments: Q&A with Gina Gobeyn

Posted by Alicia Malone on 3 Nov, 2020 in Interview and PCI SSC and Women in Payments

From businesswoman to cybersecurity chief, Gina Gobeyn took a nontraditional route to the payments... READ MORE

Making a Difference: Global Payments

Posted by Alicia Malone on 22 Oct, 2020 in Interview and Board of Advisors and Participation and COVID-19

The PCI Security Standards Council (PCI SSC) recently announced the nomination period for the next... READ MORE

Beware of Account Testing Attacks

Posted by Mark Meissner on 21 Oct, 2020 in Breaches and Patching and Passwords and PCI DSS and PCI DSS v4.0

PCI SSC's Troy Leach and NCFTA's Matt LaVigna share guidance and information on protecting against A... READ MORE

Making a Difference: Accor

Posted by Alicia Malone on 20 Oct, 2020 in Interview and Board of Advisors and Participation and COVID-19

The PCI Security Standards Council (PCI SSC) recently announced the nomination period for the next... READ MORE

Beware of ATM Cash-Outs

Posted by Mark Meissner on 7 Oct, 2020 in Breaches and Patching and Passwords and Malware and Hackers and Skimming and Phishing and Awareness and PCI DSS and Penetration Testing and Multi-Factor Authentication and Remote Access and PCI DSS v4.0

PCI SSC and ATMIA share guidance and information on protecting against ATM Cash-outs. READ MORE

Women in Payments: Q&A with Diana Greenhaw

Posted by Alicia Malone on 6 Oct, 2020 in Interview and PCI SSC and Women in Payments

Protecting data is everyone’s responsibility, according to Diana Greenhaw who followed a nontradit... READ MORE

PCI PIN Security in Practice Case Study: First Tech

Posted by Lindsay Goodspeed on 1 Oct, 2020 in Case Study and Brazil and Regional Engagement Board and PIN Security Standard

In this PCI PIN Security Requirements in Practice Case Study, Brazil Regional Engagement Board Mem... READ MORE

The Value of the PCI Secure Software Lifecycle Standard for Software Vendors

Posted by Alicia Malone on 30 Sep, 2020 in Software and Training and Vendors and PA-DSS and Software Security Framework

The PCI Secure Software Lifecycle (Secure SLC) Standard is part of the PCI Software Security Framewo... READ MORE

What to Know Before Participating in a PCI SSC RFC

Posted by Lindsay Goodspeed on 29 Sep, 2020 in PCI DSS and Participation and Request for Comments and Resource Guide and PCI DSS v4.0

The PCI SSC Request for Comments (RFC) process is an avenue for PCI SSC stakeholders to provide fe... READ MORE

Request for Comments: PCI DSS Version 4.0 Draft Standard

Posted by Lindsay Goodspeed on 23 Sep, 2020 in PCI DSS and Participation and Request for Comments and PCI DSS v4.0

From 23 September to 13 November 2020, PCI SSC stakeholders can participate in a Request for Comme... READ MORE

PCI PIN Security in Practice Case Study: Gertec

Posted by Lindsay Goodspeed on 21 Sep, 2020 in Case Study and Brazil and Regional Engagement Board and PIN Security Standard

In this PCI DSS in Practice Case Study, Brazil Regional Engagement Board Member Gertec shares how ... READ MORE

PCI DSS in Practice Case Study: PicPay

Posted by Lindsay Goodspeed on 16 Sep, 2020 in PCI DSS and Case Study and Brazil and Regional Engagement Board

In this PCI DSS in Practice Case Study, Brazil Regional Engagement Board Member PicPay shares how ... READ MORE

PCI SSC to Host its 2020 Community Meetings Online as Virtual Events

Posted by Alicia Malone on 15 Sep, 2020 in Events and Community Meetings and Interview and PCI SSC and Participation and Remote Access

In an unprecedented year, PCI Security Standards Council (PCI SSC) will host its 2020 Community Me... READ MORE

Benefits of Becoming a Participating Organization

Posted by Jeremy King on 14 Sep, 2020 in Training and Community Meetings and SIGs and Board of Advisors and Participation and Participating Organizations

It is great that your organization takes securing payment data seriously. Now is the time to take ... READ MORE

NIST and PCI SSC Find Common Ground in Development of Software Frameworks

Posted by Alicia Malone on 10 Sep, 2020 in Software and Guidance and Awareness and Interview and PCI DSS and PA-DSS and PCI SSC and Software Security Framework

The National Institute of Standards and Technology (NIST) and the PCI Security Standards Council (PC... READ MORE

Women in Payments: Q&A with Julie Krueger

Posted by Alicia Malone on 8 Sep, 2020 in Interview and PCI SSC and Women in Payments

When Julie Krueger graduated from college 35 years ago, only five percent of her electrical engine... READ MORE

Registration Now Open for Software Security Framework New Assessor Training

Posted by Alicia Malone on 3 Sep, 2020 in Software and Training and Software Security Framework and Assessors

Registration is now open for Software Security Framework (SSF) New Assessor Training. PCI Security S... READ MORE

PCI DSS in Practice Case Study: CSU

Posted by Lindsay Goodspeed on 2 Sep, 2020 in PCI DSS and Case Study and Brazil and Regional Engagement Board

In this PCI DSS in Practice Case Study, Brazil Regional Engagement Board Member CSU Cardsystem S.A... READ MORE

PCI DSS in Practice Case Study: Cielo

Posted by Lindsay Goodspeed on 26 Aug, 2020 in PCI DSS and Case Study and Brazil and Regional Engagement Board

In this PCI DSS in Practice Case Study, Brazil Regional Engagement Board Member Cielo shares the c... READ MORE

Make a Difference: Serve on the 2021-2022 PCI SSC Board of Advisors

Posted by Alicia Malone on 18 Aug, 2020 in Interview and Board of Advisors and Participation and FAQ

Every two years, PCI Security Standards Council asks its Participating Organizations to elect its ne... READ MORE

PCI SSC Offers Informational Training via New eLearning Platform

Posted by Alicia Malone on 13 Aug, 2020 in Training and Certification and Interview

PCI Security Standards Council (PCI SSC) has adopted a new eLearning platform to move all informat... READ MORE

Women in Payments: Q&A with Robin Trickel

Posted by Alicia Malone on 12 Aug, 2020 in Interview and PCI SSC and Women in Payments

Companies achieve more when a variety of perspectives are represented at the table. In this month’... READ MORE

What's Next for PCI SSC Mobile Payments Security Standards?

Posted by Ralph Spencer Poore on 31 Jul, 2020 in Mobile and SPoC and Contactless

PCI SSC has published Software-based PIN-entry on COTS (SPoC)™ v1.1, Contactless Payments on COTS ... READ MORE

A View into Feedback from the PCI DSS v4.0 RFC

Posted by Lauren Holloway on 29 Jul, 2020 in PCI DSS and Participation and Request for Comments and Participating Organizations and PCI DSS v4.0

PCI SSC recently concluded the review of over 3,000 comments submitted for the first PCI DSS v4.0 ... READ MORE

Women in Payments: Q&A with Lisa Conroy

Posted by Alicia Malone on 14 Jul, 2020 in Interview and PCI SSC and Women in Payments

Though she didn’t initially set out to prevent crime, when Lisa Conroy was first involved in data se... READ MORE

What’s New in PCI SPoC Security Standard Version 1.1?

Posted by Alicia Malone on 25 Jun, 2020 in Software and Apps and Interview and PTS POI and Mobile and SPoC and Contactless

Today, the PCI SSC published a minor revision to the PCI SPoC Security Standard. Version 1.1 of th... READ MORE

Just Updated: PTS POI Standard

Posted by Lindsay Goodspeed on 16 Jun, 2020 in Software and PTS POI and Mobile and Remote Access

Today, PCI SSC has published PCI PIN Transaction Security (PTS) Point-of-Interaction (POI) Modular... READ MORE

What to Know About the Approved Scanning Vendor Program

Posted by Lindsay Goodspeed on 10 Jun, 2020 in Training and Awareness and Interview and PCI SSC

New vulnerabilities, security holes and bugs are being discovered daily. It is vital to have Inter... READ MORE

We Are All in This Together: Responding to the COVID-19 Pandemic

Posted by Alicia Malone on 4 Jun, 2020 in Guidance and Training and Phishing and Awareness and Interview and Multi-Factor Authentication and Remote Access and Video and COVID-19

Global representatives of the PCI Security Standards Council recently came together, via a virtual... READ MORE

Women in Payments: Q&A with Diane Rogerson

Posted by Alicia Malone on 2 Jun, 2020 in Interview and PCI SSC and Women in Payments

Diane Rogerson didn’t choose a career in cybersecurity; rather, it chose her. In this month’s blog s... READ MORE

PCI DSS v4.0: Anticipated Timelines and Latest Updates

Posted by Lindsay Goodspeed on 29 May, 2020 in PCI DSS and PCI SSC and QSA and Participation and PCI DSS v4.0

JUNE 2021 UPDATE: PCI SSC is now targeting a Q1 2022 publication date for PCI DSS v4.0. Read this ... READ MORE

Request for Comments: PIN v3.1 Standard Draft

Posted by Lindsay Goodspeed on 29 May, 2020 in Participation and Request for Comments and PIN Security Standard

From 29 May 2020 to 30 June 2020, PCI SSC stakeholders can participate in a Request for Comments (... READ MORE

Request for Comments: Secure Software Standard Update: Draft Terminal Software Module

Posted by Alicia Malone on 21 May, 2020 in Software and PA-DSS and QSA and Participation and Request for Comments and Software Security Framework

From 21 May to 22 June 2020, PCI SSC stakeholders can participate in a Request for Comments (RFC) ... READ MORE

2020 – 2022 Global Executive Assessor Roundtable

Posted by Alicia Malone on 19 May, 2020 in Awareness and Interview and Participation and GEAR

In 2018, PCI Security Standards Council established its first Global Executive Assessor Roundtable (... READ MORE

Women in Payments: Q&A with Julie Quandt

Posted by Alicia Malone on 5 May, 2020 in Interview and PCI SSC and Women in Payments

Julie Quandt used to be the only woman in the room at her corporate meetings. In this month’s Women ... READ MORE

Beware of Online Skimming Threats During the COVID-19 Crisis

Posted by Mark Meissner on 4 May, 2020 in eCommerce and Breaches and Guidance and Patching and Passwords and Malware and Hackers and Skimming and Awareness and Interview and PCI DSS and Multi-Factor Authentication and PCI SSC and COVID-19

PCI SSC and the U.S. Chamber of Commerce shares guidance and information on protecting against onlin... READ MORE

Maintaining POS Device Security and Cleanliness

Posted by Emma Sutcliffe on 30 Apr, 2020 in Point of Sale (POS) and COVID-19

With the global spread of COVID-19, awareness about the potential risks associated with touching pub... READ MORE

Additional Remote Assessment Considerations During COVID-19

Posted by Emma Sutcliffe on 28 Apr, 2020 in PCI SSC and QSA and Remote Access and COVID-19

PCI SSC recognizes that in the current exceptional circumstances relating to COVID-19, entities are ... READ MORE

Updated Guidance: Responding to a Data Breach

Posted by Gill Woodcock on 22 Apr, 2020 in PCI Forensic Investigator (PFI) and Training and Certification and Resource Guide

PCI Security Standards Council recently updated the guidance document: Responding to a Cardholder Da... READ MORE

8 Tips for Small Merchants: Protecting Payment Data During COVID-19

Posted by Lindsay Goodspeed on 21 Apr, 2020 in Small Business and Patching and Passwords and Small Merchant Resources and SMB Series and Remote Access and Resource Guide and COVID-19

The COVID-19 pandemic is quickly changing how many small merchants accept payments. Merchants that... READ MORE

7 Common Questions about CPEs During COVID-19

Posted by Lindsay Goodspeed on 17 Apr, 2020 in Point to Point Encryption (P2PE) and Training and QSA and FAQ and COVID-19

Continuing professional education is an important component of PCI SSC Qualification. Staying up to ... READ MORE

Women in Payments: Q&A with Tracey Long

Posted by Alicia Malone on 7 Apr, 2020 in Interview and PCI SSC and Women in Payments

After 10 years on the police force, Tracey Long knew a thing or two about fraud. In this month’s blo... READ MORE

How the PCI DSS Can Help Remote Workers

Posted by Emma Sutcliffe on 26 Mar, 2020 in Patching and Passwords and Firewalls and Awareness and PCI DSS and Multi-Factor Authentication and Remote Access and COVID-19

PCI SSC shares guidance for protecting payment data and how to work securely when connecting and wor... READ MORE

Beware of COVID-19 Online Scams and Threats

Posted by Troy Leach on 25 Mar, 2020 in Patching and Passwords and Firewalls and Hackers and Phishing and Awareness and PCI DSS and Multi-Factor Authentication and Remote Access and COVID-19

PCI SSC shares guidance on protecting against COVID-19 scams and threats. READ MORE

Protecting Payments While Working Remotely

Posted by Lindsay Goodspeed on 23 Mar, 2020 in SIGs and BAU and Remote Access and COVID-19

PCI SSC is dedicated to providing necessary guidance to the payments industry during evolving circum... READ MORE

Women in Payments: Q&A with Marie-Christine Vittet

Posted by Alicia Malone on 17 Mar, 2020 in Interview and PCI SSC and Women in Payments

For Marie-Christine Vittet, cybersecurity is more than a job, it’s a way of life. In this month’s bl... READ MORE

Important Training Schedule Update: Instructor-Led Trainings (ILT) Canceled

Posted by Alicia Malone on 16 Mar, 2020 in Point to Point Encryption (P2PE) and Training and Awareness and QSA and COVID-19

Updated 29 June 2020 With the primary concern continuing to be for the safety of everyone involved, ... READ MORE

How Industry Feedback is Shaping the Future of PCI DSS

Posted by Lance J. Johnson on 12 Mar, 2020 in PCI DSS and Participation and Request for Comments and Strategic Framework and Participating Organizations and PCI DSS v4.0

The Council recently conducted its most successful Request for Comment (RFC) ever - on the initial d... READ MORE

Remote Assessments and the Coronavirus

Posted by Troy Leach on 11 Mar, 2020 in QSA and PIN Assessments and COVID-19

Troy Leach, Senior Vice President, Engagement Officer, PCI SSC, discusses guidance for performing as... READ MORE

Expiration Date Extended for PTS POI v.3 Devices

Posted by Lindsay Goodspeed on 10 Mar, 2020 in Awareness and Compliance and PTS POI and COVID-19

Due to supply-chain disruptions related to the coronavirus, the PCI Council has extended the expir... READ MORE

Request for Comments: Software-based PIN Entry on COTS Standard v1.1

Posted by Lindsay Goodspeed on 5 Mar, 2020 in PTS POI and Participation and Request for Comments and SPoC and Contactless and QPA

From 2 March to 14 April 2020, PCI SSC stakeholders can participate in a Request for Comments (RFC... READ MORE

PCI SSC Statement on COVID-19

Posted by Lance J. Johnson on 4 Mar, 2020 in Awareness and COVID-19

PCI SSC is aware of the unprecedented situation caused by the spread of COVID-19. As circumstances e... READ MORE

New Guidance: PCI DSS for Large Organizations

Posted by Lindsay Goodspeed on 20 Feb, 2020 in PCI DSS and Compliance and SIGs and BAU and Resource Guide

PCI Security Standards Council has published a new Information Supplement: PCI DSS for Large Organiz... READ MORE

Women in Payments: Q&A with Amy Zirkle

Posted by Mark Meissner on 6 Feb, 2020 in Interview and PCI SSC and Women in Payments

We at the PCI Security Standards Council believe strongly that there is a need for more women in cyb... READ MORE

PCI SSC in Brazil: New Regional Engagement Board for 2020

Posted by Lindsay Goodspeed on 29 Jan, 2020 in Participation and Brazil and Regional Engagement Board

PCI SSC has announced a newly expanded Brazil Regional Engagement Board. Here we talk with PCI SSC... READ MORE

Request for Comments: PCI PTS Point of Interaction (POI) v6

Posted by Lindsay Goodspeed on 28 Jan, 2020 in PTS POI and QSA and Participation and Request for Comments and QPA

From 24 January to 24 February 2020, PCI SSC stakeholders can participate in a Request for Comment... READ MORE

How Industry Collaboration Created a Unified PIN Standard

Posted by Mark Meissner on 20 Jan, 2020 in Interview and PIN Assessments

On the blog we discuss a joint collaboration between PCI SSC and ASC X9 to create a unified PIN stan... READ MORE

Online Skimming and Payment Security

Posted by Mark Meissner on 9 Jan, 2020 in eCommerce and Breaches and Guidance and Patching and Hackers and Awareness and Interview and PCI DSS and Multi-Factor Authentication and PCI SSC

On the blog, we cover basic questions with Christopher D. Roberti, Senior Vice President for Cyber, ... READ MORE

Women in Payments: Q&A with Stacy Hughes

Posted by Mark Meissner on 6 Jan, 2020 in Interview and PCI SSC and Women in Payments

We at the PCI Security Standards Council believe strongly that there is a need for more women in cyb... READ MORE

Increasing Industry Participation and Knowledge

Posted by Laura K. Gray on 18 Dec, 2019 in Interview and PCI SSC and Participation and Strategic Framework

Increasing industry participation and knowledge is a core pillar in the PCI Security Standards Counc... READ MORE

P2PE v3.0: What Merchants Need to Know

Posted by Lindsay Goodspeed on 12 Dec, 2019 in Point to Point Encryption (P2PE)

The updates to the P2PE Standard and supporting program is part of the Council’s mission to evolve s... READ MORE

P2PE v3.0: What Vendors and Assessors Need to Know

Posted by Lindsay Goodspeed on 12 Dec, 2019 in Point to Point Encryption (P2PE) and Interview

The updates to the P2PE Standard and supporting program are part of the Council’s mission to evolve ... READ MORE

Increasing Standards Alignment and Consistency

Posted by Laura K. Gray on 11 Dec, 2019 in Interview and PCI SSC and Participation and Strategic Framework

Increasing standards alignment and consistency is a core pillar in the PCI Security Standards Counci... READ MORE

Be Alert this Holiday Season: Payment Security Tips for Businesses

Posted by Mark Meissner on 5 Dec, 2019 in Small Business and Small Merchant Resources and Educational Resource

On this blog we explore the challenges around security of payment data during the hectic holiday sea... READ MORE

Just Published: PCI Contactless Payments on COTS

Posted by Laura K. Gray on 4 Dec, 2019 in Mobile and Contactless

The PCI Security Standards Council (PCI SSC) has published a new data security standard for solution... READ MORE

Securing Emerging Payment Channels

Posted by Laura K. Gray on 3 Dec, 2019 in Interview and PCI SSC and Participation and Strategic Framework

Securing emerging payment channels is a core pillar in the PCI Security Standards Council’s (PCI SSC... READ MORE

ISA in Practice Case Study: TIVIT

Posted by Laura K. Gray on 21 Nov, 2019 in Training and Case Study and Internal Security Assessor (ISA) and Brazil and Regional Engagement Board

To better serve its customers in the payment card industry and support their PCI Data Security Sta... READ MORE

Evolving PCI Standards and Validation

Posted by Laura K. Gray on 20 Nov, 2019 in Interview and PCI SSC and Participation and Strategic Framework

Evolving PCI Standards and Validation is a core pillar in the PCI Security Standards Council’s strat... READ MORE

ISA in Practice Case Study: Braspag

Posted by Laura K. Gray on 14 Nov, 2019 in Training and Case Study and Internal Security Assessor (ISA) and Brazil and Regional Engagement Board

Driven by a need to improve internal security controls, help improve the company’s interactions wi... READ MORE

Vote Now for 2020 Special Interest Group Projects

Posted by Lindsay Goodspeed on 11 Nov, 2019 in Guidance and SIGs and Participation

From now through 25 November PCI SSC Participating Organizations are invited to vote on proposals ... READ MORE

PCI DSS in Practice Case Study: FIS

Posted by Laura K. Gray on 7 Nov, 2019 in PCI DSS and Case Study and Brazil and Regional Engagement Board

FIS faced the challenge of coordinating several simultaneous assessments across its organization a... READ MORE

Key Blocks 104

Posted by Mark Meissner on 4 Nov, 2019 in Point to Point Encryption (P2PE) and Encryption and PIN Security Standard and Key Blocks

The PCI PIN Standard requires implementation of Key Blocks. On this blog, the fourth of the series, ... READ MORE

Participation Opportunity: 2020-2021 Brazil Regional Engagement Board

Posted by Laura K. Gray on 1 Nov, 2019 in PCI DSS and Participation and Brazil and Regional Engagement Board

From 1-29 November 2019, the PCI Security Standards Council (PCI SSC) is accepting nominations from ... READ MORE

What to Know about PCIP Requalification

Posted by Elizabeth Terry on 30 Oct, 2019 in Training and Awareness and Certification and Participation and PCIP

The Payment Card Industry Professional (PCIP) is an individual, entry-level qualification in payme... READ MORE

Request for Comments: PCI DSS Version 4.0

Posted by Laura K. Gray on 28 Oct, 2019 in PCI DSS and Request for Comments and PCI DSS v4.0

From 28 October to 13 December 2019, PCI SSC stakeholders can participate in a Request for Comment... READ MORE

Coming Soon: New Contactless Standard

Posted by Laura K. Gray on 23 Oct, 2019 in Community Meetings and Interview and PTS POI and Mobile and Contactless

In December, PCI SSC plans to publish a new standard for solutions that enable “tap and go” transa... READ MORE

How the Council is Evolving to Secure the Future of Payments

Posted by Lindsay Goodspeed on 22 Oct, 2019 in Community Meetings and Interview and PCI DSS and PCI DSS v4.0

In his presentation at the 2019 PCI Community Meeting this week in Dublin, Chief Technology Officer ... READ MORE

Resource Guide: Transitioning from PA-DSS to the Software Security Framework

Posted by Laura K. Gray on 21 Oct, 2019 in Apps and Community Meetings and PA-DSS and Resource Guide and Software Security Framework

The PCI Security Standards Council (PCI SSC) has published a resource guide with key information t... READ MORE

PCI DSS in Practice Case Study: Braspag

Posted by Laura K. Gray on 17 Oct, 2019 in PCI DSS and Case Study and Brazil and Regional Engagement Board

Braspag was challenged with managing the costs involved with implementing and maintaining the PCI ... READ MORE

PCI DSS in Practice Case Study: Decolar

Posted by Laura K. Gray on 10 Oct, 2019 in PCI DSS and Cloud Security and Case Study and Brazil and Regional Engagement Board

Decolar needed to ensure that PCI Data Security Standard (PCI DSS) controls were being maintained ... READ MORE

New Assessor Opportunity: PCI Software Security Framework

Posted by Laura K. Gray on 2 Oct, 2019 in QSA and Software Security Framework and Assessors

PCI SSC has launched a new assessor qualification program to support the PCI Software Security Fra... READ MORE

3 Things to Know About P2PE v3.0

Posted by Lindsay Goodspeed on 19 Sep, 2019 in Point to Point Encryption (P2PE) and Community Meetings

The PCI P2PE Standard provides a comprehensive set of security requirements for validation of P2PE s... READ MORE

5 Questions About PCI DSS v4.0

Posted by Laura K. Gray on 18 Sep, 2019 in Community Meetings and PCI DSS and Request for Comments and PCI DSS v4.0

In this interview with the Council’s Global Head of Standards, Emma Sutcliffe, we address key questi... READ MORE

Executive Director Q&A: PCI SSC Strategic Framework

Posted by Laura K. Gray on 17 Sep, 2019 in Community Meetings and Interview and PCI SSC and Participation and Strategic Framework

In his keynote presentation at the 2019 PCI Community Meeting this week in Vancouver, Executive Dire... READ MORE

Understanding the PCI Software Security Framework: New Educational Resources

Posted by Laura K. Gray on 16 Sep, 2019 in Apps and PA-DSS and Resource Guide and Software Security Framework

Ahead of the North America Community Meeting this week in Vancouver, PCI SSC has published new educ... READ MORE

Closing the Gender Gap in Payment Security

Posted by Mark Meissner on 30 Aug, 2019 in Interview and PCI SSC

September 1, 2019 is International Women in Cyber Day. On the blog, we profile Emma Sutcliffe, Head... READ MORE

Key Blocks 103

Posted by Mark Meissner on 27 Aug, 2019 in Point to Point Encryption (P2PE) and Encryption and PIN Security Standard and Key Blocks

The PCI PIN Standard requires implementation of Key Blocks. On the blog, the third of the series, w... READ MORE

Regional Update: PCI Latin America Forum in Brazil

Posted by Laura K. Gray on 16 Aug, 2019 in Interview and Participation and Brazil and Regional Engagement Board

The PCI SSC Latin America Forum took place this week in São Paulo, Brazil, gathering more than 350 p... READ MORE

Key Blocks 102

Posted by Mark Meissner on 15 Aug, 2019 in Encryption and PIN Security Standard and Key Blocks

The PCI PIN Standard requires implementation of Key Blocks. On the blog, we cover basic questions a... READ MORE

3 Things to Know about PCI DSS v4.0 Development

Posted by Laura K. Gray on 5 Aug, 2019 in PCI DSS and Request for Comments and PCI DSS v4.0

PCI SSC stakeholders play an important role in the ongoing evolution of the PCI Data Security Standa... READ MORE

The Threat of Online Skimming to Payment Security

Posted by Mark Meissner on 1 Aug, 2019 in eCommerce and Breaches and Guidance and Patching and Hackers and Phishing and Awareness and PCI DSS and Multi-Factor Authentication and PCI SSC

How the emerging threat of online skimming presents a great threat to the payment security community... READ MORE

Information Supplement: Best Practices for Maintaining PCI DSS Compliance

Posted by Lindsay Goodspeed on 31 Jul, 2019 in PCI DSS and Compliance and SIGs and BAU and Resource Guide

Information Supplement: Best Practices for Maintaining PCI DSS Compliance provides updated guidance ... READ MORE

5 Common Questions About Continuing Professional Education Credits

Posted by Elizabeth Terry on 25 Jul, 2019 in Point to Point Encryption (P2PE) and Training and QSA and FAQ

Continuing professional education is an important component of PCI SSC Qualification. Staying up to ... READ MORE

Request for Comments: Contactless Payments on COTS Standard

Posted by Laura K. Gray on 22 Jul, 2019 in Mobile and Request for Comments and Contactless

From 22 July to 20 August 2019, PCI SSC stakeholders can participate in a Request for Comments (RFC)... READ MORE

PCI Software Security Framework FAQS: PA-DSS Impact and Transition

Posted by Laura K. Gray on 19 Jul, 2019 in Software and PA-DSS and FAQ and Software Security Framework

New FAQs address key questions on the transition from PA-DSS to the PCI Software Security Framework. READ MORE

NIST Mapping

Posted by Mark Meissner on 17 Jul, 2019 in Infographic and Guidance and PCI DSS

Mapping PCI DSS v. 3.2.1 to the NIST Cybersecurity Framework v. 1.1 How meeting PCI DSS requiremen... READ MORE

FAQ: Can organizations use alternative password management methods to meet PCI DSS Requirement 8?

Posted by Lindsay Goodspeed on 11 Jul, 2019 in Passwords and PCI DSS and Multi-Factor Authentication and FAQ

Did you know that the Frequently Asked Questions (FAQ) resource on the PCI SSC website is updated re... READ MORE

Key Blocks 101

Posted by Mark Meissner on 9 Jul, 2019 in Encryption and PIN Security Standard and Key Blocks

The PCI PIN Security Requirements and Testing Procedures (PCI PIN Security Standard) require impleme... READ MORE

New Software Security Framework Programs: Timeline & Key Milestones

Posted by Laura K. Gray on 26 Jun, 2019 in Software and Apps and Interview and PA-DSS and Software Security Framework

PCI SSC has announced the rollout of the Secure Software Lifecycle (Secure SLC) and Secure Software ... READ MORE

Guidance: PIN Security Requirement 18-3 Key Blocks

Posted by Laura K. Gray on 19 Jun, 2019 in Guidance and PIN Security Standard and Key Blocks

The PIN Security Requirement 18-3 Key Blocks Information Supplement provides a series of FAQs to hel... READ MORE

PCI on Mobile Payment Acceptance: SPoC and Contactless Updates

Posted by Laura K. Gray on 29 May, 2019 in Software and Mobile and SPoC and Contactless

PCI SSC recently completed the first of two request for comments (RFC) periods on the draft PCI Co... READ MORE

PCI Software Security Framework: Update on Assessor Qualification

Posted by Laura K. Gray on 23 May, 2019 in Software and Apps and Interview and PA-DSS and Software Security Framework

Who will be eligible to conduct assessments under the PCI Software Security Framework? How will th... READ MORE

Request for Comments: P2PE Standard v3.0

Posted by Lindsay Goodspeed on 22 May, 2019 in Point to Point Encryption (P2PE) and Participation and Request for Comments

From 20 May to 19 June, PCI SSC stakeholders can participate in a Request for Comments (RFC) on th... READ MORE

Programs Update: PCI Software Security Framework

Posted by Laura K. Gray on 25 Apr, 2019 in Software and Apps and Interview and PCI DSS and Software Security Framework

New validation programs are being developed to support the PCI Software Security Standards. Together... READ MORE

PCI Standards in 2019: Q&A with CTO Troy Leach

Posted by Laura K. Gray on 12 Apr, 2019 in Point to Point Encryption (P2PE) and Interview and PCI DSS and PTS POI and Third Party Risk and Participation and Request for Comments and SPoC and Software Security Framework and Contactless and PCI DSS v4.0

What do stakeholders need to know about PCI Security Standards in 2019? PCI SSC Chief Technology Off... READ MORE