PCI Perspectives

What’s New in PCI SPoC Security Standard Version 1.1?

Posted by Alicia Malone on 25 Jun, 2020 in Software and Apps and Interview and PTS POI and Mobile and SPoC and Contactless

Today, the PCI SSC published a minor revision to the PCI SPoC Security Standard. Version 1.1 of th... READ MORE

Just Updated: PTS POI Standard

Posted by Lindsay Goodspeed on 16 Jun, 2020 in Software and PTS POI and Mobile and Remote Access

Today, PCI SSC has published PCI PIN Transaction Security (PTS) Point-of-Interaction (POI) Modular... READ MORE

What to Know About the Approved Scanning Vendor Program

Posted by Lindsay Goodspeed on 10 Jun, 2020 in Training and Awareness and Interview and PCI SSC

New vulnerabilities, security holes and bugs are being discovered daily. It is vital to have Inter... READ MORE

We Are All in This Together: Responding to the COVID-19 Pandemic

Posted by Alicia Malone on 4 Jun, 2020 in Guidance and Training and Phishing and Awareness and Interview and Multi-Factor Authentication and Remote Access and Video and COVID-19

Global representatives of the PCI Security Standards Council recently came together, via a virtual... READ MORE

Women in Payments: Q&A with Diane Rogerson

Posted by Alicia Malone on 2 Jun, 2020 in Interview and PCI SSC and Women in Payments

Diane Rogerson didn’t choose a career in cybersecurity; rather, it chose her. In this month’s blog s... READ MORE

PCI DSS v4.0: Anticipated Timelines and Latest Updates

Posted by Lindsay Goodspeed on 29 May, 2020 in PCI DSS and PCI SSC and QSA and Participation and PCI DSS v4.0

Industry feedback, together with the changes in payments, technology, and security, is driving our... READ MORE

Request for Comments: PIN v3.1 Standard Draft

Posted by Lindsay Goodspeed on 29 May, 2020 in Participation and Request for Comments and PIN Security Standard

From 29 May 2020 to 30 June 2020, PCI SSC stakeholders can participate in a Request for Comments (... READ MORE

Request for Comments: Secure Software Standard Update: Draft Terminal Software Module

Posted by Alicia Malone on 21 May, 2020 in Software and PA-DSS and QSA and Participation and Request for Comments and Software Security Framework

From 21 May to 22 June 2020, PCI SSC stakeholders can participate in a Request for Comments (RFC) ... READ MORE

2020 – 2022 Global Executive Assessor Roundtable

Posted by Alicia Malone on 19 May, 2020 in Awareness and Interview and Participation and GEAR

In 2018, PCI Security Standards Council established its first Global Executive Assessor Roundtable (... READ MORE

Women in Payments: Q&A with Julie Quandt

Posted by Alicia Malone on 5 May, 2020 in Interview and PCI SSC and Women in Payments

Julie Quandt used to be the only woman in the room at her corporate meetings. In this month’s Women ... READ MORE

Beware of Online Skimming Threats During the COVID-19 Crisis

Posted by Mark Meissner on 4 May, 2020 in eCommerce and Breaches and Guidance and Patching and Passwords and Malware and Hackers and Skimming and Awareness and Interview and PCI DSS and Multi-Factor Authentication and PCI SSC and COVID-19

PCI SSC and the U.S. Chamber of Commerce shares guidance and information on protecting against onlin... READ MORE

Maintaining POS Device Security and Cleanliness

Posted by Emma Sutcliffe on 30 Apr, 2020 in Point of Sale (POS) and COVID-19

With the global spread of COVID-19, awareness about the potential risks associated with touching pub... READ MORE

Additional Remote Assessment Considerations During COVID-19

Posted by Emma Sutcliffe on 28 Apr, 2020 in PCI SSC and QSA and Remote Access and COVID-19

PCI SSC recognizes that in the current exceptional circumstances relating to COVID-19, entities are ... READ MORE

Updated Guidance: Responding to a Data Breach

Posted by Gill Woodcock on 22 Apr, 2020 in PCI Forensic Investigator (PFI) and Training and Certification and Resource Guide

PCI Security Standards Council recently updated the guidance document: Responding to a Cardholder Da... READ MORE

8 Tips for Small Merchants: Protecting Payment Data During COVID-19

Posted by Lindsay Goodspeed on 21 Apr, 2020 in Small Business and Patching and Passwords and Small Merchant Resources and SMB Series and Remote Access and Resource Guide and COVID-19

The COVID-19 pandemic is quickly changing how many small merchants accept payments. Merchants that... READ MORE

7 Common Questions about CPEs During COVID-19

Posted by Lindsay Goodspeed on 17 Apr, 2020 in Point to Point Encryption (P2PE) and Training and QSA and FAQ and COVID-19

Continuing professional education is an important component of PCI SSC Qualification. Staying up to ... READ MORE

Women in Payments: Q&A with Tracey Long

Posted by Alicia Malone on 7 Apr, 2020 in Interview and PCI SSC and Women in Payments

After 10 years on the police force, Tracey Long knew a thing or two about fraud. In this month’s blo... READ MORE

How the PCI DSS Can Help Remote Workers

Posted by Emma Sutcliffe on 26 Mar, 2020 in Patching and Passwords and Firewalls and Awareness and PCI DSS and Multi-Factor Authentication and Remote Access and COVID-19

PCI SSC shares guidance for protecting payment data and how to work securely when connecting and wor... READ MORE

Beware of COVID-19 Online Scams and Threats

Posted by Troy Leach on 25 Mar, 2020 in Patching and Passwords and Firewalls and Hackers and Phishing and Awareness and PCI DSS and Multi-Factor Authentication and Remote Access and COVID-19

PCI SSC shares guidance on protecting against COVID-19 scams and threats. READ MORE

Protecting Payments While Working Remotely

Posted by Lindsay Goodspeed on 23 Mar, 2020 in SIGs and BAU and Remote Access and COVID-19

PCI SSC is dedicated to providing necessary guidance to the payments industry during evolving circum... READ MORE

Women in Payments: Q&A with Marie-Christine Vittet

Posted by Alicia Malone on 17 Mar, 2020 in Interview and PCI SSC and Women in Payments

For Marie-Christine Vittet, cybersecurity is more than a job, it’s a way of life. In this month’s bl... READ MORE

Important Training Schedule Update: Instructor-Led Trainings (ILT) Canceled

Posted by Alicia Malone on 16 Mar, 2020 in Point to Point Encryption (P2PE) and Training and Awareness and QSA and COVID-19

Updated 29 June 2020 With the primary concern continuing to be for the safety of everyone involved, ... READ MORE

How Industry Feedback is Shaping the Future of PCI DSS

Posted by Lance J. Johnson on 12 Mar, 2020 in PCI DSS and Participation and Request for Comments and Strategic Framework and Participating Organizations and PCI DSS v4.0

The Council recently conducted its most successful Request for Comment (RFC) ever - on the initial d... READ MORE

Remote Assessments and the Coronavirus

Posted by Troy Leach on 11 Mar, 2020 in QSA and PIN Assessments and COVID-19

Troy Leach, Senior Vice President, Engagement Officer, PCI SSC, discusses guidance for performing as... READ MORE

Expiration Date Extended for PTS POI v.3 Devices

Posted by Lindsay Goodspeed on 10 Mar, 2020 in Awareness and Compliance and PTS POI and COVID-19

Due to supply-chain disruptions related to the coronavirus, the PCI Council has extended the expir... READ MORE

Request for Comments: Software-based PIN Entry on COTS Standard v1.1

Posted by Lindsay Goodspeed on 5 Mar, 2020 in PTS POI and Participation and Request for Comments and SPoC and Contactless and QPA

From 2 March to 14 April 2020, PCI SSC stakeholders can participate in a Request for Comments (RFC... READ MORE

PCI SSC Statement on COVID-19

Posted by Lance J. Johnson on 4 Mar, 2020 in Awareness and COVID-19

PCI SSC is aware of the unprecedented situation caused by the spread of COVID-19. As circumstances e... READ MORE

New Guidance: PCI DSS for Large Organizations

Posted by Lindsay Goodspeed on 20 Feb, 2020 in PCI DSS and Compliance and SIGs and BAU and Resource Guide

PCI Security Standards Council has published a new Information Supplement: PCI DSS for Large Organiz... READ MORE

Women in Payments: Q&A with Amy Zirkle

Posted by Mark Meissner on 6 Feb, 2020 in Interview and PCI SSC and Women in Payments

We at the PCI Security Standards Council believe strongly that there is a need for more women in cyb... READ MORE

PCI SSC in Brazil: New Regional Engagement Board for 2020

Posted by Lindsay Goodspeed on 29 Jan, 2020 in Participation and Brazil and Regional Engagement Board

PCI SSC has announced a newly expanded Brazil Regional Engagement Board. Here we talk with PCI SSC... READ MORE

Request for Comments: PCI PTS Point of Interaction (POI) v6

Posted by Lindsay Goodspeed on 28 Jan, 2020 in PTS POI and QSA and Participation and Request for Comments and QPA

From 24 January to 24 February 2020, PCI SSC stakeholders can participate in a Request for Comment... READ MORE

How Industry Collaboration Created a Unified PIN Standard

Posted by Mark Meissner on 20 Jan, 2020 in Interview and PIN Assessments

On the blog we discuss a joint collaboration between PCI SSC and ASC X9 to create a unified PIN stan... READ MORE

Online Skimming and Payment Security

Posted by Mark Meissner on 9 Jan, 2020 in eCommerce and Breaches and Guidance and Patching and Hackers and Awareness and Interview and PCI DSS and Multi-Factor Authentication and PCI SSC

On the blog, we cover basic questions with Christopher D. Roberti, Senior Vice President for Cyber, ... READ MORE

Women in Payments: Q&A with Stacy Hughes

Posted by Mark Meissner on 6 Jan, 2020 in Interview and PCI SSC and Women in Payments

We at the PCI Security Standards Council believe strongly that there is a need for more women in cyb... READ MORE

Increasing Industry Participation and Knowledge

Posted by Laura K. Gray on 18 Dec, 2019 in Interview and PCI SSC and Participation and Strategic Framework

Increasing industry participation and knowledge is a core pillar in the PCI Security Standards Counc... READ MORE

P2PE v3.0: What Merchants Need to Know

Posted by Lindsay Goodspeed on 12 Dec, 2019 in Point to Point Encryption (P2PE)

The updates to the P2PE Standard and supporting program is part of the Council’s mission to evolve s... READ MORE

P2PE v3.0: What Vendors and Assessors Need to Know

Posted by Lindsay Goodspeed on 12 Dec, 2019 in Point to Point Encryption (P2PE) and Interview

The updates to the P2PE Standard and supporting program are part of the Council’s mission to evolve ... READ MORE

Increasing Standards Alignment and Consistency

Posted by Laura K. Gray on 11 Dec, 2019 in Interview and PCI SSC and Participation and Strategic Framework

Increasing standards alignment and consistency is a core pillar in the PCI Security Standards Counci... READ MORE

Be Alert this Holiday Season: Payment Security Tips for Businesses

Posted by Mark Meissner on 5 Dec, 2019 in Small Business and Small Merchant Resources and Educational Resource

On this blog we explore the challenges around security of payment data during the hectic holiday sea... READ MORE

Just Published: PCI Contactless Payments on COTS

Posted by Laura K. Gray on 4 Dec, 2019 in Mobile and Contactless

The PCI Security Standards Council (PCI SSC) has published a new data security standard for solution... READ MORE

Securing Emerging Payment Channels

Posted by Laura K. Gray on 3 Dec, 2019 in Interview and PCI SSC and Participation and Strategic Framework

Securing emerging payment channels is a core pillar in the PCI Security Standards Council’s (PCI SSC... READ MORE

ISA in Practice Case Study: TIVIT

Posted by Laura K. Gray on 21 Nov, 2019 in Training and Case Study and Internal Security Assessor (ISA) and Brazil and Regional Engagement Board

To better serve its customers in the payment card industry and support their PCI Data Security Sta... READ MORE

Evolving PCI Standards and Validation

Posted by Laura K. Gray on 20 Nov, 2019 in Interview and PCI SSC and Participation and Strategic Framework

Evolving PCI Standards and Validation is a core pillar in the PCI Security Standards Council’s strat... READ MORE

ISA in Practice Case Study: Braspag

Posted by Laura K. Gray on 14 Nov, 2019 in Training and Case Study and Internal Security Assessor (ISA) and Brazil and Regional Engagement Board

Driven by a need to improve internal security controls, help improve the company’s interactions wi... READ MORE

Vote Now for 2020 Special Interest Group Projects

Posted by Lindsay Goodspeed on 11 Nov, 2019 in Guidance and SIGs and Participation

From now through 25 November PCI SSC Participating Organizations are invited to vote on proposals ... READ MORE

PCI DSS in Practice Case Study: FIS

Posted by Laura K. Gray on 7 Nov, 2019 in PCI DSS and Case Study and Brazil and Regional Engagement Board

FIS faced the challenge of coordinating several simultaneous assessments across its organization a... READ MORE

Key Blocks 104

Posted by Mark Meissner on 4 Nov, 2019 in Point to Point Encryption (P2PE) and Encryption and PIN Security Standard and Key Blocks

The PCI PIN Standard requires implementation of Key Blocks. On this blog, the fourth of the series, ... READ MORE

Participation Opportunity: 2020-2021 Brazil Regional Engagement Board

Posted by Laura K. Gray on 1 Nov, 2019 in PCI DSS and Participation and Brazil and Regional Engagement Board

From 1-29 November 2019, the PCI Security Standards Council (PCI SSC) is accepting nominations from ... READ MORE

What to Know about PCIP Requalification

Posted by Elizabeth Terry on 30 Oct, 2019 in Training and Awareness and Certification and Participation and PCIP

The Payment Card Industry Professional (PCIP) is an individual, entry-level qualification in payme... READ MORE

Request for Comments: PCI DSS Version 4.0

Posted by Laura K. Gray on 28 Oct, 2019 in PCI DSS and Request for Comments and PCI DSS v4.0

From 28 October to 13 December 2019, PCI SSC stakeholders can participate in a Request for Comment... READ MORE

Coming Soon: New Contactless Standard

Posted by Laura K. Gray on 23 Oct, 2019 in Community Meetings and Interview and PTS POI and Mobile and Contactless

In December, PCI SSC plans to publish a new standard for solutions that enable “tap and go” transa... READ MORE

How the Council is Evolving to Secure the Future of Payments

Posted by Lindsay Goodspeed on 22 Oct, 2019 in Community Meetings and Interview and PCI DSS and PCI DSS v4.0

In his presentation at the 2019 PCI Community Meeting this week in Dublin, Chief Technology Officer ... READ MORE

Resource Guide: Transitioning from PA-DSS to the Software Security Framework

Posted by Laura K. Gray on 21 Oct, 2019 in Apps and Community Meetings and PA-DSS and Resource Guide and Software Security Framework

The PCI Security Standards Council (PCI SSC) has published a resource guide with key information t... READ MORE

PCI DSS in Practice Case Study: Braspag

Posted by Laura K. Gray on 17 Oct, 2019 in PCI DSS and Case Study and Brazil and Regional Engagement Board

Braspag was challenged with managing the costs involved with implementing and maintaining the PCI ... READ MORE

PCI DSS in Practice Case Study: Decolar

Posted by Laura K. Gray on 10 Oct, 2019 in PCI DSS and Cloud Security and Case Study and Brazil and Regional Engagement Board

Decolar needed to ensure that PCI Data Security Standard (PCI DSS) controls were being maintained ... READ MORE

New Assessor Opportunity: PCI Software Security Framework

Posted by Laura K. Gray on 2 Oct, 2019 in QSA and Software Security Framework and Assessors

PCI SSC has launched a new assessor qualification program to support the PCI Software Security Fra... READ MORE

3 Things to Know About P2PE v3.0

Posted by Lindsay Goodspeed on 19 Sep, 2019 in Point to Point Encryption (P2PE) and Community Meetings

The PCI P2PE Standard provides a comprehensive set of security requirements for validation of P2PE s... READ MORE

5 Questions About PCI DSS v4.0

Posted by Laura K. Gray on 18 Sep, 2019 in Community Meetings and PCI DSS and Request for Comments and PCI DSS v4.0

In this interview with the Council’s Global Head of Standards, Emma Sutcliffe, we address key questi... READ MORE

Executive Director Q&A: PCI SSC Strategic Framework

Posted by Laura K. Gray on 17 Sep, 2019 in Community Meetings and Interview and PCI SSC and Participation and Strategic Framework

In his keynote presentation at the 2019 PCI Community Meeting this week in Vancouver, Executive Dire... READ MORE

Understanding the PCI Software Security Framework: New Educational Resources

Posted by Laura K. Gray on 16 Sep, 2019 in Apps and PA-DSS and Resource Guide and Software Security Framework

Ahead of the North America Community Meeting this week in Vancouver, PCI SSC has published new educ... READ MORE

Closing the Gender Gap in Payment Security

Posted by Mark Meissner on 30 Aug, 2019 in Interview and PCI SSC

September 1, 2019 is International Women in Cyber Day. On the blog, we profile Emma Sutcliffe, Head... READ MORE

Key Blocks 103

Posted by Mark Meissner on 27 Aug, 2019 in Point to Point Encryption (P2PE) and Encryption and PIN Security Standard and Key Blocks

The PCI PIN Standard requires implementation of Key Blocks. On the blog, the third of the series, w... READ MORE

Regional Update: PCI Latin America Forum in Brazil

Posted by Laura K. Gray on 16 Aug, 2019 in Interview and Participation and Brazil and Regional Engagement Board

The PCI SSC Latin America Forum took place this week in São Paulo, Brazil, gathering more than 350 p... READ MORE

Key Blocks 102

Posted by Mark Meissner on 15 Aug, 2019 in Encryption and PIN Security Standard and Key Blocks

The PCI PIN Standard requires implementation of Key Blocks. On the blog, we cover basic questions a... READ MORE

3 Things to Know about PCI DSS v4.0 Development

Posted by Laura K. Gray on 5 Aug, 2019 in PCI DSS and Request for Comments and PCI DSS v4.0

PCI SSC stakeholders play an important role in the ongoing evolution of the PCI Data Security Standa... READ MORE

The Threat of Online Skimming to Payment Security

Posted by Mark Meissner on 1 Aug, 2019 in eCommerce and Breaches and Guidance and Patching and Hackers and Phishing and Awareness and PCI DSS and Multi-Factor Authentication and PCI SSC

How the emerging threat of online skimming presents a great threat to the payment security community... READ MORE

Information Supplement: Best Practices for Maintaining PCI DSS Compliance

Posted by Lindsay Goodspeed on 31 Jul, 2019 in PCI DSS and Compliance and SIGs and BAU and Resource Guide

Information Supplement: Best Practices for Maintaining PCI DSS Compliance provides updated guidance ... READ MORE

5 Common Questions About Continuing Professional Education Credits

Posted by Elizabeth Terry on 25 Jul, 2019 in Point to Point Encryption (P2PE) and Training and QSA and FAQ

Continuing professional education is an important component of PCI SSC Qualification. Staying up to ... READ MORE

Request for Comments: Contactless Payments on COTS Standard

Posted by Laura K. Gray on 22 Jul, 2019 in Mobile and Request for Comments and Contactless

From 22 July to 20 August 2019, PCI SSC stakeholders can participate in a Request for Comments (RFC)... READ MORE

PCI Software Security Framework FAQS: PA-DSS Impact and Transition

Posted by Laura K. Gray on 19 Jul, 2019 in Software and PA-DSS and FAQ and Software Security Framework

New FAQs address key questions on the transition from PA-DSS to the PCI Software Security Framework. READ MORE

NIST Mapping

Posted by Mark Meissner on 17 Jul, 2019 in Infographic and Guidance and PCI DSS

Mapping PCI DSS v. 3.2.1 to the NIST Cybersecurity Framework v. 1.1 How meeting PCI DSS requiremen... READ MORE

FAQ: Can organizations use alternative password management methods to meet PCI DSS Requirement 8?

Posted by Lindsay Goodspeed on 11 Jul, 2019 in Passwords and PCI DSS and Multi-Factor Authentication and FAQ

Did you know that the Frequently Asked Questions (FAQ) resource on the PCI SSC website is updated re... READ MORE

Key Blocks 101

Posted by Mark Meissner on 9 Jul, 2019 in Encryption and PIN Security Standard and Key Blocks

The PCI PIN Security Requirements and Testing Procedures (PCI PIN Security Standard) require impleme... READ MORE

New Software Security Framework Programs: Timeline & Key Milestones

Posted by Laura K. Gray on 26 Jun, 2019 in Software and Apps and Interview and PA-DSS and Software Security Framework

PCI SSC has announced the rollout of the Secure Software Lifecycle (Secure SLC) and Secure Software ... READ MORE

Guidance: PIN Security Requirement 18-3 Key Blocks

Posted by Laura K. Gray on 19 Jun, 2019 in Guidance and PIN Security Standard and Key Blocks

The PIN Security Requirement 18-3 Key Blocks Information Supplement provides a series of FAQs to hel... READ MORE

PCI on Mobile Payment Acceptance: SPoC and Contactless Updates

Posted by Laura K. Gray on 29 May, 2019 in Software and Mobile and SPoC and Contactless

PCI SSC recently completed the first of two request for comments (RFC) periods on the draft PCI Co... READ MORE

PCI Software Security Framework: Update on Assessor Qualification

Posted by Laura K. Gray on 23 May, 2019 in Software and Apps and Interview and PA-DSS and Software Security Framework

Who will be eligible to conduct assessments under the PCI Software Security Framework? How will th... READ MORE

Request for Comments: P2PE Standard v3.0

Posted by Lindsay Goodspeed on 22 May, 2019 in Point to Point Encryption (P2PE) and Participation and Request for Comments

From 20 May to 19 June, PCI SSC stakeholders can participate in a Request for Comments (RFC) on th... READ MORE

Programs Update: PCI Software Security Framework

Posted by Laura K. Gray on 25 Apr, 2019 in Software and Apps and Interview and PCI DSS and Software Security Framework

New validation programs are being developed to support the PCI Software Security Standards. Together... READ MORE

PCI Standards in 2019: Q&A with CTO Troy Leach

Posted by Laura K. Gray on 12 Apr, 2019 in Point to Point Encryption (P2PE) and Interview and PCI DSS and PTS POI and Third Party Risk and Participation and Request for Comments and SPoC and Software Security Framework and Contactless and PCI DSS v4.0

What do stakeholders need to know about PCI Security Standards in 2019? PCI SSC Chief Technology Off... READ MORE

What to Know About the New Card Production Security Assessor Program

Posted by Lindsay Goodspeed on 11 Apr, 2019 in Training and Interview and Assessors and CPSA Program and Card Production Standard

PCI SSC is in the process of launching a new program to train and qualify security professionals to ... READ MORE

PCI Council Executive Director on 2019 Priorities

Posted by Laura K. Gray on 28 Mar, 2019 in Interview and PCI SSC and Participation

A little more than a year into his role as Executive Director, Lance Johnson provides an update on w... READ MORE

Resource for Small Merchants: Firewall Basics

Posted by Lindsay Goodspeed on 15 Mar, 2019 in Small Business and Infographic and Firewalls and Small Merchant Resources and SMB Series and Resource Guide

In 2015 the PCI SSC created the Small Merchant Taskforce, a cross-industry consortium of payment sec... READ MORE

PCI DSS: Looking Ahead to Version 4.0

Posted by Laura K. Gray on 6 Mar, 2019 in PCI DSS and PCI DSS v4.0

PCI SSC has begun efforts on PCI Data Security Standard version 4.0 (PCI DSS v4.0). Here we provide ... READ MORE

Regional Update: India

Posted by Laura K. Gray on 5 Mar, 2019 in Interview and Participation and India

Associate Regional Director for India, Nitin Bhatnagar, provides an update on PCI SSC efforts in the... READ MORE

Resource for Small Merchants: Glossary of Payment and InfoSec Terms

Posted by Lindsay Goodspeed on 28 Feb, 2019 in Small Business and Guidance and Small Merchant Resources and SMB Series

In 2015 the PCI SSC created the Small Merchant Taskforce, a cross-industry consortium of payment sec... READ MORE

Request for Comments: PCI SPoC MSR Annex

Posted by Laura K. Gray on 26 Feb, 2019 in Software and Participation and Request for Comments and SPoC

From 26 Feb to 26 March, PCI SSC stakeholders can participate in a Request for Comments (RFC) on t... READ MORE

Applications Now Open for Qualified PIN Assessor Program

Posted by Lindsay Goodspeed on 20 Feb, 2019 in Training and ATM Security and QSA and PIN Security Standard and Assessors and QPA

PCI SSC is now accepting applications for the Qualified PIN Assessor (QPA) Program. READ MORE

Understanding the RFC Process: New Guidance

Posted by Mark Meissner on 15 Feb, 2019 in Infographic and PCI SSC and Participation and Request for Comments

Request for Comments (RFC) periods are avenues for PCI SSC stakeholders to provide feedback on exi... READ MORE

Resource for Small Merchants: Common Payment Systems

Posted by Lindsay Goodspeed on 12 Feb, 2019 in Small Business and Guidance and Small Merchant Resources and SMB Series

In 2015 the PCI SSC created the Small Merchant Taskforce, a cross-industry consortium of payment sec... READ MORE

Lead QSA Rotation as Best Practice

Posted by Elizabeth Terry on 5 Feb, 2019 in PCI DSS and Compliance and QSA

PCI SSC continually seeks to increase the baseline standard of quality within the assessor communi... READ MORE

Update to Maintaining Compliance Information Supplement

Posted by Lindsay Goodspeed on 29 Jan, 2019 in Guidance and Awareness and PCI DSS and Compliance and SIGs and BAU

The Council just published Information Supplement: Best Practices for Maintaining PCI DSS Complian... READ MORE

Resource for Small Merchants: Questions to Ask Your Vendors

Posted by Lindsay Goodspeed on 28 Jan, 2019 in Small Business and Small Merchant Resources and SMB Series

In 2015 the PCI SSC created the Small Merchant Taskforce, a cross-industry consortium of payment sec... READ MORE

PCI SPoC and Contactless Standards: What to Expect in 2019

Posted by Laura K. Gray on 25 Jan, 2019 in Mobile and Request for Comments and SPoC and Contactless

At the PCI Security Standards Council (PCI SSC) we continue to evolve PCI Security Standards to prov... READ MORE

Resource for Small Merchants: Guide to Safe Payments

Posted by Lindsay Goodspeed on 24 Jan, 2019 in Small Business and Small Merchant Resources and SMB Series

In 2015 the PCI SSC created the Small Merchant Taskforce, a cross-industry consortium of payment sec... READ MORE

Coming Soon: Qualified PIN Assessor Program

Posted by Lindsay Goodspeed on 23 Jan, 2019 in Training and Interview and ATM Security and QSA and PIN Security Standard and Assessors

PCI SSC is in the process of launching a new program to train and qualify security professionals to ... READ MORE

PCI SSC in Brazil: New Regional Engagement Board for 2019

Posted by Laura K. Gray on 18 Jan, 2019 in Interview and Participation and Brazil and Regional Engagement Board

PCI SSC has announced a newly expanded Brazil Regional Engagement Board. Here we talk with PCI SSC R... READ MORE

Just Published: New PCI Software Security Standards

Posted by Laura K. Gray on 16 Jan, 2019 in Software and Apps and Interview and PA-DSS and Software Security Framework

PCI SSC has published the PCI Secure Software Standard and the PCI Secure Software Lifecycle (Secure... READ MORE

PCI DSS: Reminders and Resources

Posted by Laura K. Gray on 17 Dec, 2018 in TLS/SSL and PCI DSS and Cloud Security and Multi-Factor Authentication and FAQ

Version 3.2 of the PCI Data Security Standard (PCI DSS) will be retired at the end of 2018. Here are... READ MORE

Update on PCI Software Security Framework

Posted by Laura K. Gray on 14 Dec, 2018 in Software and Apps and PA-DSS and Software Security Framework

PCI SSC is developing a new PCI Software Security Framework, a collection of software security stand... READ MORE

What’s New in PCI 3DS SDK Security Standard Version 1.1?

Posted by Laura K. Gray on 13 Dec, 2018 in Software and Apps and Interview and Mobile and 3DS

Today, the PCI SSC published a minor revision to the PCI 3-D Secure Software Development Kit (3DS SD... READ MORE

Payment Security in India

Posted by Laura K. Gray on 6 Dec, 2018 in Interview and Participation and India

PCI SSC has hired Nitin Bhatnagar to lead its efforts in India. As Associate Director for India he... READ MORE

Vote Now for 2019 Special Interest Group Projects

Posted by Laura K. Gray on 3 Dec, 2018 in SIGs and Participation

From 3 – 19 December PCI SSC Participating Organizations are invited to vote on proposals for 2019... READ MORE

Industry Guidance on Accepting Telephone Payments Securely

Posted by Lindsay Goodspeed on 27 Nov, 2018 in Guidance and PCI DSS and SIGs

PCI SSC just published an updated version of the Special Interest Group information supplement Pro... READ MORE

A Message from PCI SSC Executive Director: The Board of Advisors Needs Your Vote

Posted by Lance J. Johnson on 9 Nov, 2018 in Board of Advisors and Participation

PCI SSC Participating Organizations, one of the best ways for you to ensure your issues and perspect... READ MORE

Vote Now for the 2019-2020 PCI SSC Board of Advisors

Posted by Laura K. Gray on 5 Nov, 2018 in Board of Advisors and Participation

From 5- 16 November 2018 the primary business contact for each Participating Organization and Afﬁlia... READ MORE

Dutch Payments Association: Payment Security and Collaboration in Europe

Posted by Laura K. Gray on 18 Oct, 2018 in Community Meetings and Interview and Participation

At the Europe Community Meeting in London this week, a panel of European industry associations and s... READ MORE

PCI Software Security Standards Coming Soon

Posted by Laura K. Gray on 17 Oct, 2018 in Software and Apps and Community Meetings and Interview and PA-DSS and Participation and Software Security Framework

PCI SSC is in the process of finalizing new PCI Security Standards for the secure design and develop... READ MORE

On Payment Security in Europe

Posted by Laura K. Gray on 16 Oct, 2018 in Community Meetings and Interview and Small Merchant Resources and Participation and 3DS

At the Europe Community Meeting in London this week International Director for Europe, Jeremy King, ... READ MORE

PCI DSS in Practice Case Study: AccorHotels and Vigitrust

Posted by Laura K. Gray on 15 Oct, 2018 in Case Study

AccorHotels needed a comprehensive multinational, multidimensional, and multicultural PCI Data Sec... READ MORE

What’s Next for PCI Card Production and Provisioning?

Posted by Laura K. Gray on 12 Oct, 2018 in Community Meetings and Interview and Card Production

What happens next with the PCI Card Production and Provisioning Standards? PCI SSC Chief Technology ... READ MORE

How Innovation is Changing Payment Security (and Standards)

Posted by Lindsay Goodspeed on 27 Sep, 2018 in Point to Point Encryption (P2PE) and Community Meetings and Interview and Small Merchant Resources and Participation

In this interview from the 2018 North America Community Meeting, we sit down with Chief Technology O... READ MORE

How Industry Collaboration and Feedback Shapes PCI SSC Programs

Posted by Lindsay Goodspeed on 27 Sep, 2018 in Community Meetings and Certification and QIR and SIGs and QSA and Participation

In his talk at the 2018 North America Community Meeting, COO Mauro Lance discusses how collaboration... READ MORE

State of the PCI Security Standards Council

Posted by Lindsay Goodspeed on 26 Sep, 2018 in Community Meetings and Board of Advisors and Participation

In his keynote address to the 2018 North America Community Meeting, Lance Johnson shares his vision ... READ MORE

Council CTO on Verizon’s 2018 Payment Security Report

Posted by Lindsay Goodspeed on 25 Sep, 2018 in Point to Point Encryption (P2PE) and Community Meetings and PCI DSS and Compliance and BAU

Verizon recently released its 2018 Payment Security Report. During North America PCI Community Meeti... READ MORE

What’s Next for the PCI P2PE Standard?

Posted by Lindsay Goodspeed on 21 Sep, 2018 in Point to Point Encryption (P2PE) and Interview and Request for Comments

What happens next with the PCI Point-to-Point Encryption (P2PE) Standard? PCI SSC Chief Technology... READ MORE

Help Secure Payment Data: PCI SSC Participation Opportunities

Posted by Laura K. Gray on 21 Sep, 2018 in SIGs and Board of Advisors and PCI SSC and Participation

The PCI Security Standards Council (PCI SSC) leads a global, cross-industry effort to increase pay... READ MORE

PCIP in Practice Case Study: Excentus

Posted by Laura K. Gray on 13 Sep, 2018 in Training and PCI Professional and Case Study

Excentus chose PCI Professional (PCIP) training and certification for its staff to help with forma... READ MORE

Helping Small Merchants Protect Payment Card Data

Posted by Lindsay Goodspeed on 30 Aug, 2018 in Small Business and Community Meetings and Small Merchant Resources

In this post, we get insights from Jenna Hutt, Retail Technology Specialist, Rocky Mountain Chocolat... READ MORE

Threats Facing Small Merchants: A New Tool to Help

Posted by Lindsay Goodspeed on 28 Aug, 2018 in Small Business and Firewalls and Small Merchant Resources and SMB Series

Troy Leach, Chief Technology Officer of the PCI SSC discusses how the Council is helping small mer... READ MORE

ISA in Practice Case Study: Cafe Rio Mexican Grill

Posted by Laura K. Gray on 23 Aug, 2018 in Training and Case Study and Internal Security Assessor (ISA)

Looking for in-house PCI knowledge that would help the company stay in front of security requireme... READ MORE

Impact Payment Security Globally: Serve on the PCI SSC Board of Advisors

Posted by Laura K. Gray on 17 Aug, 2018 in Board of Advisors and PCI SSC and Participation

The Board of Advisors represents PCI Security Standards Council (PCI SSC) Participating Organization... READ MORE

Request for Comments: PCI 3DS SDK Security Standard v1.1

Posted by Laura K. Gray on 14 Aug, 2018 in Participation and Mobile and Request for Comments and 3DS

From 14 August to 28 August the PCI community, including Participating Organizations, 3-D Secure (3D... READ MORE

Final Request for Comments: Draft PCI Software Security Framework

Posted by Laura K. Gray on 31 Jul, 2018 in Software and Apps and PA-DSS and Participation and Request for Comments and Software Security Framework

From 31 July to 7 September, PCI SSC stakeholders are invited to review and provide final feedback o... READ MORE

PCI 3-D Secure Software Development Kit (3DS SDK) Program Now Available

Posted by Laura K. Gray on 27 Jul, 2018 in Software and Apps and Interview and Mobile and 3DS

Today, the PCI SSC published documentation for vendors and labs to use in developing and evaluating ... READ MORE

Contactless Payments: PCI SSC on Plans to Develop Security Standard for Payment Acceptance on Merchant COTS Devices

Posted by Laura K. Gray on 28 Jun, 2018 in Interview and Mobile and Contactless

PCI SSC is in the beginning stages of developing a security standard for accepting contactless payme... READ MORE

Infographic: Patching

Posted by Laura K. Gray on 21 Jun, 2018 in Small Business and Infographic and Patching and Awareness and Vendors and QIR and Small Merchant Resources

The use of outdated and unpatched software is one of the leading causes of payment data breaches for... READ MORE

What Happens After 30 June 2018? New Guidance on Use of SSL/Early TLS

Posted by Laura K. Gray on 15 Jun, 2018 in Guidance and TLS/SSL and PCI DSS

Following the release of PCI DSS v3.2.1 to account for dates that have already passed, such as the 3... READ MORE

Video: Patching

Posted by Laura K. Gray on 13 Jun, 2018 in Small Business and Patching and Awareness and QIR and Small Merchant Resources and Video

Unpatched software is one of the leading causes of payment data breaches for businesses. READ MORE

Q&A with Community Meeting Speakers Sajal Islam and David McGregor

Posted by Lindsay Goodspeed on 24 May, 2018 in Point to Point Encryption (P2PE) and Community Meetings and Interview and PTS POI and APAC

Asia-Pacific Community Meeting speakers Sajal Islam, Audit Manager, UL, and David McGregor, Manager ... READ MORE

Infographic: Strong Passwords

Posted by Laura K. Gray on 22 May, 2018 in Small Business and Infographic and Passwords and Awareness and Vendors and QIR and Small Merchant Resources

The use of weak and default passwords is one of the leading causes of payment data breaches for busi... READ MORE

Q&A with Community Meeting Speaker Swati Sharma

Posted by Lindsay Goodspeed on 18 May, 2018 in Community Meetings and Interview and QSA and APAC

Asia-Pacific Community Meeting speaker Swati Sharma, QSA, CISSP, CISM discusses the payment securi... READ MORE

PCI DSS Now and Looking Ahead

Posted by Laura K. Gray on 17 May, 2018 in TLS/SSL and Interview and PCI DSS

Today the PCI SSC published a minor revision to the PCI Data Security Standard (PCI DSS) to account ... READ MORE

3 Things to Know About the PCI Software Security Framework in 2018

Posted by Laura K. Gray on 11 May, 2018 in Software and Apps and Interview and PA-DSS and Software Security Framework

As payments evolve, PCI SSC continues to evolve PCI Security Standards and programs for securing pay... READ MORE

Video: Strong Passwords

Posted by Laura K. Gray on 3 May, 2018 in Small Business and Passwords and Awareness and QIR and Small Merchant Resources and Video

The use of weak and default passwords is one of the leading causes of payment data breaches for busi... READ MORE

Infographic: Secure Remote Access

Posted by Laura K. Gray on 27 Apr, 2018 in Infographic and Awareness and QIR and Multi-Factor Authentication and Remote Access

Insecure remote access is one of the leading causes of payment data breaches for businesses. READ MORE

PCI Software-based PIN Entry on COTS Program Now Available

Posted by Laura K. Gray on 24 Apr, 2018 in Software and Apps and Interview and Mobile and SPoC

Earlier this year, the PCI SSC published the PCI Software-based PIN Entry on COTS (SPoC) Standard, w... READ MORE

New FAQs on Software-based PIN Entry on COTS

Posted by Laura K. Gray on 20 Apr, 2018 in Software and Apps and Interview and Mobile and SPoC

Earlier this year, the PCI SSC published the PCI Software-based PIN Entry on COTS (SPoC) Standard, w... READ MORE

Coming Soon: Minor PCI DSS Revision

Posted by Laura K. Gray on 18 Apr, 2018 in PCI DSS

A minor revision to the PCI Data Security Standard (PCI DSS) will be published next month. The new... READ MORE

PCI P2PE in Practice Case Study: Northwestern University and CardConnect

Posted by Laura K. Gray on 13 Apr, 2018 in Point to Point Encryption (P2PE) and Case Study

With a mission to enhance the level of transactional data security across every payment location o... READ MORE

Video: Secure Remote Access

Posted by Laura K. Gray on 9 Apr, 2018 in Awareness and QIR and Small Merchant Resources and Multi-Factor Authentication and Remote Access and Video

Insecure remote access is one of the leading causes of payment data breaches for businesses. READ MORE

ISACA Partners with PCI SSC to Provide Discount on Industry Certifications

Posted by Laura K. Gray on 5 Apr, 2018 in Certification and Interview and QSA

As introduced in August 2017, in 2019 the PCI SSC will increase the industry-recognized professional... READ MORE

4 Things to Know About PCI DSS in 2018

Posted by Laura K. Gray on 29 Mar, 2018 in TLS/SSL and PCI DSS

What happens next with the PCI Data Security Standard (PCI DSS)? Here we look at key updates and m... READ MORE

Share This: New Resources for Businesses on Payment Data Security Essentials - Featured Image

Q&A with Community Meeting Speaker Steve Marshall

Posted by Lindsay Goodspeed on 22 Mar, 2018 in PCI Forensic Investigator (PFI) and Community Meetings and Interview and BAU and MEAF and QSA and APAC

Community Meetings are hosted by the PCI Security Standards Council in locations around the world. READ MORE

Video: PCI SSC Updates Training and Certification Program for Integrators and Resellers

Posted by Laura K. Gray on 21 Mar, 2018 in Breaches and Patching and Passwords and Certification and Interview and QIR and Remote Access and Video

Watch this video with PCI SSC’s Chief Operating Officer on how training integrators and resellers ... READ MORE

The QIR Program is Changing: Here’s What You Need to Know

Posted by Lindsay Goodspeed on 14 Mar, 2018 in Patching and Passwords and Interview and QIR and Remote Access

The PCI SSC continually listens to feedback and adapts its standards and programs to meet evolving n... READ MORE

Webinar: SSL and Early TLS Migration: Preparing for 30 June Deadline

Posted by Laura K. Gray on 9 Mar, 2018 in Awareness and TLS/SSL and PCI DSS and Encryption and Educational Resource and Webinar

30 June 2018 is the deadline for disabling Secure Sockets Layer/early Transport Layer Security (SSL/... READ MORE

Request for Comments: PCI Software Security Standard Framework

Posted by PCI Security Standards Council on 6 Mar, 2018 in Software and Apps and PA-DSS and Participation and Request for Comments and Software Security Framework

From 6 March to 6 April, PCI SSC stakeholders have the opportunity to review and provide feedback ... READ MORE

PCI Software-based PIN Entry on COTS: Understanding New Test Requirements

Posted by Laura K. Gray on 26 Feb, 2018 in Software and Apps and Interview and PTS POI and Mobile and SPoC

Test Requirements are now available for the recently announced PCI Security Standard for software-ba... READ MORE

Resource Guide: Migrating from SSL and Early TLS

Posted by Laura K. Gray on 14 Feb, 2018 in Awareness and TLS/SSL and PCI DSS and Encryption and Educational Resource and Resource Guide

Is your organization still using Secure Sockets Layer (SSL)/early Transport Layer Security (TLS) pro... READ MORE

PCI Council Supports Data Privacy Day with Free Training

Posted by Lindsay Goodspeed on 25 Jan, 2018 in Training and Patching and Passwords and Awareness and QIR and Data Privacy Day and Remote Access

In support of Data Privacy Day, we’re offering FREE PCI Awareness training to the first 1,000 people... READ MORE

New PCI Software-Based PIN Entry on COTS Standard

Posted by Laura K. Gray on 24 Jan, 2018 in Software and Apps and Interview and Mobile and SPoC

The PCI SSC has announced a new PCI Security Standard for software-based PIN entry on commercial off... READ MORE

Now Accepting Applications for New Associate QSA Program

Posted by Laura K. Gray on 18 Jan, 2018 in QSA

As cybercriminals continue to target payments, cybersecurity skills are critically important to help... READ MORE

PCI Training for Merchants: Which Course is Right for You?

Posted by Laura K. Gray on 3 Jan, 2018 in Training and Awareness and Certification and PCI Professional

People are a critical part of keeping payment data safe and secure. READ MORE

Changes Coming to the QIR Program

Posted by Lindsay Goodspeed on 21 Dec, 2017 in Patching and Passwords and Interview and QIR and Remote Access

The PCI Security Standards Council (PCI SSC) is planning to restructure the Qualified Integrator and... READ MORE

Coming Soon: New PCI Software PIN-Entry on COTS Standard

Posted by Laura K. Gray on 19 Dec, 2017 in Software and Apps and Interview and Mobile and SPoC

The PCI Security Standards Council (PCI SSC) has been working with industry stakeholders to develop ... READ MORE

Request for Comments: PTS POI Standard

Posted by PCI Security Standards Council on 18 Dec, 2017 in PTS POI and Participation and Request for Comments

From 18 December 2017 to 17 January 2018, PCI SSC stakeholders have the opportunity to review and ... READ MORE

PCI DSS Dates to Remember

Posted by Laura K. Gray on 15 Dec, 2017 in TLS/SSL and PCI DSS

With 2018 come important PCI Data Security Standard (PCI DSS) dates to remember. New requirements ... READ MORE

What’s Next for the PCI Software Security Framework?

Posted by Laura K. Gray on 11 Dec, 2017 in Software and Apps and Interview and PA-DSS and Software Security Framework

In an earlier post, Securing Modern Payment Software with a New Software Security Framework, PCI S... READ MORE

PCI DSS and the Travel Industry

Posted by Laura K. Gray on 6 Dec, 2017 in Holidays and Hackers and Interview and PCI DSS and Small Merchant Resources

The International Air Transport Association (IATA) is now requiring that its accredited travel age... READ MORE

Preparing for Launch: Associate QSA Program

Posted by Laura K. Gray on 4 Dec, 2017 in Interview and PCI SSC and QSA

In March 2017 the PCI SSC announced plans to develop an Associate QSA program, as part of a broade... READ MORE

Guidance: Multi-Factor Authentication

Posted by Laura K. Gray on 1 Dec, 2017 in Guidance and Passwords and Multi-Factor Authentication and Educational Resource and Remote Access

Attackers continue to compromise valid user credentials to access company networks and steal payme... READ MORE

PCI SSC Associate Regional Director for Brazil on New Regional Engagement Board

Posted by Laura K. Gray on 21 Nov, 2017 in Participation

The PCI Security Standards Council (PCI SSC) justannounced it will establish a Brazil Regional Engag... READ MORE

PCI 3DS SDK Standard Now Available

Posted by Laura K. Gray on 20 Nov, 2017 in Software and Mobile and 3DS

Following publication of the PCI 3DS Core Security Standard in October, the PCI SSC has published a ... READ MORE

PCI SSC Cryptography Expert on Triple DEA

Posted by Ralph Spencer Poore on 9 Nov, 2017 in TLS/SSL and Encryption and Approved Scanning Vendors

This article is intended to provide awareness and guidance on the use of Triple DEA (also known as... READ MORE

Serve on the first PCI SSC Brazil Regional Engagement Board: Nominate Now

Posted by Laura K. Gray on 3 Nov, 2017 in Participation

The first ever Regional Engagement Board is launching in Brazil in January 2018. READ MORE

FAQ: Can card verification codes/values be stored for card-on-file or recurring transactions?

Posted by Laura K. Gray on 2 Nov, 2017 in PCI DSS and FAQ

Did you know that the Frequently Asked Questions (FAQ) resource on the PCI SSC website is updated re... READ MORE

Strong Passwords: Payment Data Security Essential for SMBs

Posted by Laura K. Gray on 1 Nov, 2017 in Small Business and Passwords and QIR and Small Merchant Resources and Cyber Security Awareness Month

Passwords are essential for computer and payment data security. READ MORE

Payment Security in Brazil: New PCI SSC Regional Engagement Board

Posted by Laura K. Gray on 1 Nov, 2017 in Interview and Participation

The PCI Security Standards Council (PCI SSC) just announced the opening of the nomination period for... READ MORE

PCI and the Next Generation of Payment Security

Posted by Laura K. Gray on 26 Oct, 2017 in Software and Community Meetings and PCI DSS and QIR and Multi-Factor Authentication and Third Party Risk and 3DS

PCI SSC Chief Technology Officer Troy Leach talked with PCI Europe Community Meeting attendees in Ba... READ MORE

Payment Security Insights from EUCM Speaker Michael Christodoulides

Posted by Lindsay Goodspeed on 25 Oct, 2017 in Community Meetings and Interview and Small Merchant Resources and BAU and Third Party Risk and Remote Access

In this post, we get insights from Michael Christodoulides CISM, CISA, CRISC, Vice President, Secu... READ MORE

Payment Security Insights with EUCM Speaker Gary Glover

Posted by Lindsay Goodspeed on 25 Oct, 2017 in Community Meetings and Interview and PCI DSS and QIR and QSA and Remote Access

In this post, we get insights from Gary Glover, CISSP, QSA, PA-QSA, CISA, Vice President of Assess... READ MORE

What to Know About the New PCI 3DS Core Security Standard

Posted by Laura K. Gray on 25 Oct, 2017 in Software and eCommerce and Apps and Community Meetings and Interview and Mobile and 3DS

At this week’s PCI Europe Community Meeting in Barcelona, the PCI Security Standards Council (PCI... READ MORE

Payment Security Insights with EUCM Speaker Speaker Tracey Long

Posted by Lindsay Goodspeed on 25 Oct, 2017 in Point to Point Encryption (P2PE) and Community Meetings and Interview

In this post, we get insights from Tracey Long, Senior Payment Security PCI DSS Compliance Manager... READ MORE

Payment Security Insights with EUCM Speaker Jacob Ansari

Posted by Lindsay Goodspeed on 25 Oct, 2017 in Patching and Passwords and Malware and Skimming and Phishing and Community Meetings and Interview and Remote Access

In this post, we get insights from Jacob Ansari, QSA (P2PE), PA-QSA (P2PE), CISSP, Director at Sch... READ MORE

Payment Security Areas to Watch

Posted by Laura K. Gray on 24 Oct, 2017 in Software and Community Meetings and Encryption and IoT and Ransomware

PCI SSC Chief Technology Officer Troy Leach talked with PCI Europe Community Meeting attendees in Ba... READ MORE

Payment Security Insights with EUCM Speaker Chris Novak

Posted by Lindsay Goodspeed on 24 Oct, 2017 in Community Meetings and Interview and BAU

In this post, we get insights from Christopher Novak, Director, Investigative Response Verizon RIS... READ MORE

Request for Comments: PCI Software-Based PIN Entry on COTS Standard

Posted by PCI Security Standards Council on 23 Oct, 2017 in Software and Participation and Mobile and Request for Comments and SPoC

From 23 October to 20 November, PCI SSC stakeholders have the opportunity to review and provide feed... READ MORE

What to Know About the PCI Software-Based PIN Entry on COTS Standard

Posted by Laura K. Gray on 20 Oct, 2017 in Software and Apps and Community Meetings and Interview and Mobile and SPoC

The PCI Security Standards Council has been working with industry stakeholders to develop a security... READ MORE

Securing Modern Payment Software with a New Software Security Framework

Posted by Lindsay Goodspeed on 18 Oct, 2017 in Software and Community Meetings and Interview and PA-DSS and Cloud Security and Software Security Framework

Secure design and development of modern payment software is a key priority for the PCI SSC. READ MORE

Patching: Payment Data Security Essential for SMBs

Posted by Laura K. Gray on 18 Oct, 2017 in Small Business and Patching and QIR and Small Merchant Resources and Cyber Security Awareness Month

When businesses don’t apply software patches from vendors, they open themselves up to attacks, which... READ MORE

Vote Now for 2018 Special Interest Group Projects

Posted by Laura K. Gray on 17 Oct, 2017 in SIGs and Participation

From now through 31 October PCI SSC Participating Organizations are invited to vote on proposals for... READ MORE

Insecure Remote Access: Top Risk for SMBs

Posted by Laura K. Gray on 10 Oct, 2017 in Small Business and Infographic and QIR and Small Merchant Resources and Cyber Security Awareness Month and Third Party Risk and Remote Access

Recent attack trends show that hackers are beginning to move their focus to smaller merchants that h... READ MORE

Infographic: 3 Payment Data Security Essentials SMBs Shouldn’t Ignore

Posted by Laura K. Gray on 3 Oct, 2017 in Small Business and Infographic and Patching and Passwords and Small Merchant Resources and Educational Resource and Remote Access

Attacks on POS systems at brick-and-mortar businesses are on the rise, leading to costly payment d... READ MORE

Request for Comments: PCI Card Production and Provisioning ROCs

Posted by PCI Security Standards Council on 27 Sep, 2017 in Participation and Request for Comments

From 20 September to 20 October, PCI SSC stakeholders have the opportunity to review and provide fee... READ MORE

PCI in Japan: Training for Merchants and Assessors Supports PCI DSS Adoption

Posted by Laura K. Gray on 19 Sep, 2017 in Training and PCI DSS and QSA and APAC

The PCI Security Standards Council continues to work with stakeholders in Japan to help support PCI ... READ MORE

Locking Up Remote Access

Posted by PCI Security Standards Council on 15 Sep, 2017 in Software and Small Business and Point of Sale (POS) and QIR and Multi-Factor Authentication and Third Party Risk and Remote Access

An analysis of account data compromises found that insecure remote access is the #1 point of entry f... READ MORE

Feedback Period: PCI DSS and PA-DSS

Posted by PCI Security Standards Council on 8 Sep, 2017 in PCI DSS and PA-DSS and Participation and Request for Comments

From 6 September to 15 November, PCI SSC stakeholders have the opportunity to provide feedback on th... READ MORE

Council CTO on Verizon’s Payment Security Report

Posted by Lindsay Goodspeed on 31 Aug, 2017 in Small Business and Community Meetings and Interview and QIR and Compliance and Small Merchant Resources and BAU

Verizon recently released its 2017 Payment Security Report. In advance of the upcoming North America... READ MORE

Keeping up to Date with PCI DSS Dates

Posted by Gill Woodcock on 25 Aug, 2017 in TLS/SSL and PCI DSS and Scoping and Segmentation and Multi-Factor Authentication

In our previous post, we highlighted recommendations for preparing for the 30 June 2018 PCI Data Sec... READ MORE

What’s Next for the QSA Program?

Posted by Laura K. Gray on 23 Aug, 2017 in Interview and QSA and 3DS

In March 2017 the PCI SSC announced plans to evolve the PCI Qualified Security Assessors (QSA) Pro... READ MORE

Request for Comments: PCI PIN Standard

Posted by PCI Security Standards Council on 21 Aug, 2017 in Point of Sale (POS) and ATM Security and PTS POI and QSA and Participation and Request for Comments

From 18 August to 18 September, PCI SSC stakeholders have the opportunity to review and provide feed... READ MORE

Associate QSA Program: Coming Soon

Posted by Laura K. Gray on 14 Aug, 2017 in Interview and PCI SSC and QSA

In March 2017 the PCI SSC announced plans to develop an Associate QSA certification program, as pa... READ MORE

FAQ: Is Two-Step Authentication Acceptable for PCI DSS Requirement 8.3?

Posted by Laura K. Gray on 11 Aug, 2017 in Passwords and PCI DSS and Multi-Factor Authentication and FAQ and Remote Access

Did you know that the Frequently Asked Questions (FAQ) resource on the PCI SSC website is updated ... READ MORE

PCI Special Interest Groups: Industry Collaboration at its Best

Posted by Laura K. Gray on 10 Aug, 2017 in Interview and SIGs and Participation

Special Interest Groups (SIGs) are community-driven initiatives that focus on payment security cha... READ MORE

Navigating your Path to Payment Security with the Prioritized Approach to PCI DSS

Posted by Lauren Holloway on 8 Aug, 2017 in PCI DSS and Prioritized Approach

Director of Data Security Standards Lauren Holloway discusses a roadmap organizations can use to m... READ MORE

What’s Next for PCI DSS?

Posted by Laura K. Gray on 3 Aug, 2017 in Interview and PCI DSS

PCI Data Security Standard (PCI DSS) version 3.2 was published in April 2016. In this blog post we... READ MORE

Reducing Risk: SSL/Early TLS Mitigation and Migration

Posted by Laura K. Gray on 28 Jul, 2017 in eCommerce and Patching and Awareness and TLS/SSL and PCI DSS and Encryption

Is your organization still using the SSL/early TLS protocols? Do you work with online and e-commer... READ MORE

The State of Payment Security in Brazil

Posted by Lindsay Goodspeed on 25 Jul, 2017 in Malware and Events and Community Meetings and Interview and ATM Security

Leading up to the Latin America Forum in São Paulo, Brazil, Associate Regional Director Carlos Cae... READ MORE