PCI Perspectives

PCI Software Security Framework FAQS: PA-DSS Impact and Transition

Posted by Laura K. Gray on 19 Jul, 2019 in Software and PA-DSS and FAQ and Software Security Framework

New FAQs address key questions on the transition from PA-DSS to the PCI Software Security Framework. READ MORE

NIST Mapping

Posted by Mark Meissner on 17 Jul, 2019 in Infographic and Guidance and PCI DSS

Mapping PCI DSS v. 3.2.1 to the NIST Cybersecurity Framework v. 1.1 How meeting PCI DSS requiremen... READ MORE

FAQ: Can organizations use alternative password management methods to meet PCI DSS Requirement 8?

Posted by Lindsay Goodspeed on 11 Jul, 2019 in Passwords and PCI DSS and Multi-Factor Authentication and FAQ

Did you know that the Frequently Asked Questions (FAQ) resource on the PCI SSC website is updated re... READ MORE

Key Blocks 101

Posted by Mark Meissner on 9 Jul, 2019 in Encryption and PIN Security Standard and Key Blocks

The PCI PIN Security Requirements and Testing Procedures (PCI PIN Security Standard) require impleme... READ MORE

New Software Security Framework Programs: Timeline & Key Milestones

Posted by Laura K. Gray on 26 Jun, 2019 in Software and Apps and Interview and PA-DSS and Software Security Framework

PCI SSC has announced the rollout of the Secure Software Lifecycle (Secure SLC) and Secure Software ... READ MORE

Guidance: PIN Security Requirement 18-3 Key Blocks

Posted by Laura K. Gray on 19 Jun, 2019 in Guidance and PIN Security Standard

The PIN Security Requirement 18-3 Key Blocks Information Supplement provides a series of FAQs to hel... READ MORE

PCI on Mobile Payment Acceptance: SPoC and Contactless Updates

Posted by Laura K. Gray on 29 May, 2019 in Software and Mobile and SPoC and Contactless

PCI SSC recently completed the first of two request for comments (RFC) periods on the draft PCI Co... READ MORE

PCI Software Security Framework: Update on Assessor Qualification

Posted by Laura K. Gray on 23 May, 2019 in Software and Apps and Interview and PA-DSS and Software Security Framework

Who will be eligible to conduct assessments under the PCI Software Security Framework? How will th... READ MORE

Request for Comments: P2PE Standard v3.0

Posted by Lindsay Goodspeed on 22 May, 2019 in Point to Point Encryption (P2PE) and Participation and Request for Comments

From 20 May to 19 June, PCI SSC stakeholders can participate in a Request for Comments (RFC) on th... READ MORE

Programs Update: PCI Software Security Framework

Posted by Laura K. Gray on 25 Apr, 2019 in Software and Apps and Interview and PCI DSS and Software Security Framework

New validation programs are being developed to support the PCI Software Security Standards. Together... READ MORE

PCI Standards in 2019: Q&A with CTO Troy Leach

Posted by Laura K. Gray on 12 Apr, 2019 in Point to Point Encryption (P2PE) and Interview and PCI DSS and PTS POI and Third Party Risk and Participation and Request for Comments and SPoC and Software Security Framework and Contactless

What do stakeholders need to know about PCI Security Standards in 2019? PCI SSC Chief Technology Off... READ MORE

What to Know About the New Card Production Security Assessor Program

Posted by Lindsay Goodspeed on 11 Apr, 2019 in Training and Interview and Assessors and CPSA Program and Card Production Standard

PCI SSC is in the process of launching a new program to train and qualify security professionals to ... READ MORE

PCI Council Executive Director on 2019 Priorities

Posted by Laura K. Gray on 28 Mar, 2019 in Interview and PCI SSC and Participation

A little more than a year into his role as Executive Director, Lance Johnson provides an update on w... READ MORE

Resource for Small Merchants: Firewall Basics

Posted by Lindsay Goodspeed on 15 Mar, 2019 in Small Business and Infographic and Firewalls and Small Merchant Resources and SMB Series and Resource Guide

In 2015 the PCI SSC created the Small Merchant Taskforce, a cross-industry consortium of payment sec... READ MORE

PCI DSS: Looking Ahead to Version 4.0

Posted by Laura K. Gray on 6 Mar, 2019 in PCI DSS

PCI SSC has begun efforts on PCI Data Security Standard version 4.0 (PCI DSS v4.0). Here we provide ... READ MORE

Regional Update: India

Posted by Laura K. Gray on 5 Mar, 2019 in Interview and Participation and India

Associate Regional Director for India, Nitin Bhatnagar, provides an update on PCI SSC efforts in the... READ MORE

Resource for Small Merchants: Glossary of Payment and InfoSec Terms

Posted by Lindsay Goodspeed on 28 Feb, 2019 in Small Business and Guidance and Small Merchant Resources and SMB Series

In 2015 the PCI SSC created the Small Merchant Taskforce, a cross-industry consortium of payment sec... READ MORE

Request for Comments: PCI SPoC MSR Annex

Posted by Laura K. Gray on 26 Feb, 2019 in Software and Participation and Request for Comments and SPoC

From 26 Feb to 26 March, PCI SSC stakeholders can participate in a Request for Comments (RFC) on t... READ MORE

Applications Now Open for Qualified PIN Assessor Program

Posted by Lindsay Goodspeed on 20 Feb, 2019 in Training and ATM Security and QSA and PIN Security Standard and Assessors and QPA

PCI SSC is now accepting applications for the Qualified PIN Assessor (QPA) Program. READ MORE

Understanding the RFC Process: New Guidance

Posted by Mark Meissner on 15 Feb, 2019 in Infographic and PCI SSC and Participation and Request for Comments

Request for Comments (RFC) periods are avenues for PCI SSC stakeholders to provide feedback on exi... READ MORE

Resource for Small Merchants: Common Payment Systems

Posted by Lindsay Goodspeed on 12 Feb, 2019 in Small Business and Guidance and Small Merchant Resources and SMB Series

In 2015 the PCI SSC created the Small Merchant Taskforce, a cross-industry consortium of payment sec... READ MORE

Lead QSA Rotation as Best Practice

Posted by Elizabeth Terry on 5 Feb, 2019 in PCI DSS and Compliance and QSA

PCI SSC continually seeks to increase the baseline standard of quality within the assessor communi... READ MORE

Update to Maintaining Compliance Information Supplement

Posted by Lindsay Goodspeed on 29 Jan, 2019 in Guidance and Awareness and PCI DSS and Compliance and SIGs and BAU

The Council just published Information Supplement: Best Practices for Maintaining PCI DSS Complian... READ MORE

Resource for Small Merchants: Questions to Ask Your Vendors

Posted by Lindsay Goodspeed on 28 Jan, 2019 in Small Business and Small Merchant Resources and SMB Series

In 2015 the PCI SSC created the Small Merchant Taskforce, a cross-industry consortium of payment sec... READ MORE

PCI SPoC and Contactless Standards: What to Expect in 2019

Posted by Laura K. Gray on 25 Jan, 2019 in Mobile and Request for Comments and SPoC and Contactless

At the PCI Security Standards Council (PCI SSC) we continue to evolve PCI Security Standards to prov... READ MORE

Resource for Small Merchants: Guide to Safe Payments

Posted by Lindsay Goodspeed on 24 Jan, 2019 in Small Business and Small Merchant Resources and SMB Series

In 2015 the PCI SSC created the Small Merchant Taskforce, a cross-industry consortium of payment sec... READ MORE

Coming Soon: Qualified PIN Assessor Program

Posted by Lindsay Goodspeed on 23 Jan, 2019 in Training and Interview and ATM Security and QSA and PIN Security Standard and Assessors

PCI SSC is in the process of launching a new program to train and qualify security professionals to ... READ MORE

PCI SSC in Brazil: New Regional Engagement Board for 2019

Posted by Laura K. Gray on 18 Jan, 2019 in Interview and Participation and Brazil and Regional Engagement Board

PCI SSC has announced a newly expanded Brazil Regional Engagement Board. Here we talk with PCI SSC R... READ MORE

Just Published: New PCI Software Security Standards

Posted by Laura K. Gray on 16 Jan, 2019 in Software and Apps and Interview and PA-DSS and Software Security Framework

PCI SSC has published the PCI Secure Software Standard and the PCI Secure Software Lifecycle (Secure... READ MORE

PCI DSS: Reminders and Resources

Posted by Laura K. Gray on 17 Dec, 2018 in TLS/SSL and PCI DSS and Cloud Security and Multi-Factor Authentication and FAQ

Version 3.2 of the PCI Data Security Standard (PCI DSS) will be retired at the end of 2018. Here are... READ MORE

Update on PCI Software Security Framework

Posted by Laura K. Gray on 14 Dec, 2018 in Software and Apps and PA-DSS and Software Security Framework

PCI SSC is developing a new PCI Software Security Framework, a collection of software security stand... READ MORE

What’s New in PCI 3DS SDK Security Standard Version 1.1?

Posted by Laura K. Gray on 13 Dec, 2018 in Software and Apps and Interview and Mobile and 3DS

Today, the PCI SSC published a minor revision to the PCI 3-D Secure Software Development Kit (3DS SD... READ MORE

Payment Security in India

Posted by Laura K. Gray on 6 Dec, 2018 in Interview and Participation and India

PCI SSC has hired Nitin Bhatnagar to lead its efforts in India. As Associate Director for India he... READ MORE

Vote Now for 2019 Special Interest Group Projects

Posted by Laura K. Gray on 3 Dec, 2018 in SIGs and Participation

From 3 – 19 December PCI SSC Participating Organizations are invited to vote on proposals for 2019... READ MORE

Industry Guidance on Accepting Telephone Payments Securely

Posted by Lindsay Goodspeed on 27 Nov, 2018 in Guidance and PCI DSS and SIGs

PCI SSC just published an updated version of the Special Interest Group information supplement Pro... READ MORE

A Message from PCI SSC Executive Director: The Board of Advisors Needs Your Vote

Posted by Lance J. Johnson on 9 Nov, 2018 in Board of Advisors and Participation

PCI SSC Participating Organizations, one of the best ways for you to ensure your issues and perspect... READ MORE

Vote Now for the 2019-2020 PCI SSC Board of Advisors

Posted by Laura K. Gray on 5 Nov, 2018 in Board of Advisors and Participation

From 5- 16 November 2018 the primary business contact for each Participating Organization and Afﬁlia... READ MORE

Dutch Payments Association: Payment Security and Collaboration in Europe

Posted by Laura K. Gray on 18 Oct, 2018 in Community Meetings and Interview and Participation

At the Europe Community Meeting in London this week, a panel of European industry associations and s... READ MORE

PCI Software Security Standards Coming Soon

Posted by Laura K. Gray on 17 Oct, 2018 in Software and Apps and Community Meetings and Interview and PA-DSS and Participation and Software Security Framework

PCI SSC is in the process of finalizing new PCI Security Standards for the secure design and develop... READ MORE

On Payment Security in Europe

Posted by Laura K. Gray on 16 Oct, 2018 in Community Meetings and Interview and Small Merchant Resources and Participation and 3DS

At the Europe Community Meeting in London this week International Director for Europe, Jeremy King, ... READ MORE

PCI DSS in Practice Case Study: AccorHotels and Vigitrust

Posted by Laura K. Gray on 15 Oct, 2018 in Case Study

AccorHotels needed a comprehensive multinational, multidimensional, and multicultural PCI Data Sec... READ MORE

What’s Next for PCI Card Production and Provisioning?

Posted by Laura K. Gray on 12 Oct, 2018 in Community Meetings and Interview and Card Production

What happens next with the PCI Card Production and Provisioning Standards? PCI SSC Chief Technology ... READ MORE

How Innovation is Changing Payment Security (and Standards)

Posted by Lindsay Goodspeed on 27 Sep, 2018 in Point to Point Encryption (P2PE) and Community Meetings and Interview and Small Merchant Resources and Participation

In this interview from the 2018 North America Community Meeting, we sit down with Chief Technology O... READ MORE

How Industry Collaboration and Feedback Shapes PCI SSC Programs

Posted by Lindsay Goodspeed on 27 Sep, 2018 in Community Meetings and Certification and QIR and SIGs and QSA and Participation

In his talk at the 2018 North America Community Meeting, COO Mauro Lance discusses how collaboration... READ MORE

State of the PCI Security Standards Council

Posted by Lindsay Goodspeed on 26 Sep, 2018 in Community Meetings and Board of Advisors and Participation

In his keynote address to the 2018 North America Community Meeting, Lance Johnson shares his vision ... READ MORE

Council CTO on Verizon’s 2018 Payment Security Report

Posted by Lindsay Goodspeed on 25 Sep, 2018 in Point to Point Encryption (P2PE) and Community Meetings and PCI DSS and Compliance and BAU

Verizon recently released its 2018 Payment Security Report. During North America PCI Community Meeti... READ MORE

What’s Next for the PCI P2PE Standard?

Posted by Lindsay Goodspeed on 21 Sep, 2018 in Point to Point Encryption (P2PE) and Interview and Request for Comments

What happens next with the PCI Point-to-Point Encryption (P2PE) Standard? PCI SSC Chief Technology... READ MORE

Help Secure Payment Data: PCI SSC Participation Opportunities

Posted by Laura K. Gray on 21 Sep, 2018 in SIGs and Board of Advisors and PCI SSC and Participation

The PCI Security Standards Council (PCI SSC) leads a global, cross-industry effort to increase pay... READ MORE

PCIP in Practice Case Study: Excentus

Posted by Laura K. Gray on 13 Sep, 2018 in Training and PCI Professional and Case Study

Excentus chose PCI Professional (PCIP) training and certification for its staff to help with forma... READ MORE

Helping Small Merchants Protect Payment Card Data

Posted by Lindsay Goodspeed on 30 Aug, 2018 in Small Business and Community Meetings and Small Merchant Resources

In this post, we get insights from Jenna Hutt, Retail Technology Specialist, Rocky Mountain Chocolat... READ MORE

Threats Facing Small Merchants: A New Tool to Help

Posted by Lindsay Goodspeed on 28 Aug, 2018 in Small Business and Firewalls and Small Merchant Resources and SMB Series

Troy Leach, Chief Technology Officer of the PCI SSC discusses how the Council is helping small mer... READ MORE

ISA in Practice Case Study: Cafe Rio Mexican Grill

Posted by Laura K. Gray on 23 Aug, 2018 in Training and Case Study and Internal Security Assessor (ISA)

Looking for in-house PCI knowledge that would help the company stay in front of security requireme... READ MORE

Impact Payment Security Globally: Serve on the PCI SSC Board of Advisors

Posted by Laura K. Gray on 17 Aug, 2018 in Board of Advisors and PCI SSC and Participation

The Board of Advisors represents PCI Security Standards Council (PCI SSC) Participating Organization... READ MORE

Request for Comments: PCI 3DS SDK Security Standard v1.1

Posted by Laura K. Gray on 14 Aug, 2018 in Participation and Mobile and Request for Comments and 3DS

From 14 August to 28 August the PCI community, including Participating Organizations, 3-D Secure (3D... READ MORE

Final Request for Comments: Draft PCI Software Security Framework

Posted by Laura K. Gray on 31 Jul, 2018 in Software and Apps and PA-DSS and Participation and Request for Comments and Software Security Framework

From 31 July to 7 September, PCI SSC stakeholders are invited to review and provide final feedback o... READ MORE

PCI 3-D Secure Software Development Kit (3DS SDK) Program Now Available

Posted by Laura K. Gray on 27 Jul, 2018 in Software and Apps and Interview and Mobile and 3DS

Today, the PCI SSC published documentation for vendors and labs to use in developing and evaluating ... READ MORE

Contactless Payments: PCI SSC on Plans to Develop Security Standard for Payment Acceptance on Merchant COTS Devices

Posted by Laura K. Gray on 28 Jun, 2018 in Interview and Mobile and Contactless

PCI SSC is in the beginning stages of developing a security standard for accepting contactless payme... READ MORE

Infographic: Patching

Posted by Laura K. Gray on 21 Jun, 2018 in Small Business and Infographic and Patching and Awareness and Vendors and QIR and Small Merchant Resources

The use of outdated and unpatched software is one of the leading causes of payment data breaches for... READ MORE

What Happens After 30 June 2018? New Guidance on Use of SSL/Early TLS

Posted by Laura K. Gray on 15 Jun, 2018 in Guidance and TLS/SSL and PCI DSS

Following the release of PCI DSS v3.2.1 to account for dates that have already passed, such as the 3... READ MORE

Video: Patching

Posted by Laura K. Gray on 13 Jun, 2018 in Small Business and Patching and Awareness and QIR and Small Merchant Resources and Video

Unpatched software is one of the leading causes of payment data breaches for businesses. READ MORE

Q&A with Community Meeting Speakers Sajal Islam and David McGregor

Posted by Lindsay Goodspeed on 24 May, 2018 in Point to Point Encryption (P2PE) and Community Meetings and Interview and PTS POI and APAC

Asia-Pacific Community Meeting speakers Sajal Islam, Audit Manager, UL, and David McGregor, Manager ... READ MORE

Infographic: Strong Passwords

Posted by Laura K. Gray on 22 May, 2018 in Small Business and Infographic and Passwords and Awareness and Vendors and QIR and Small Merchant Resources

The use of weak and default passwords is one of the leading causes of payment data breaches for busi... READ MORE

Q&A with Community Meeting Speaker Swati Sharma

Posted by Lindsay Goodspeed on 18 May, 2018 in Community Meetings and Interview and QSA and APAC

Asia-Pacific Community Meeting speaker Swati Sharma, QSA, CISSP, CISM discusses the payment securi... READ MORE

PCI DSS Now and Looking Ahead

Posted by Laura K. Gray on 17 May, 2018 in TLS/SSL and Interview and PCI DSS

Today the PCI SSC published a minor revision to the PCI Data Security Standard (PCI DSS) to account ... READ MORE

3 Things to Know About the PCI Software Security Framework in 2018

Posted by Laura K. Gray on 11 May, 2018 in Software and Apps and Interview and PA-DSS and Software Security Framework

As payments evolve, PCI SSC continues to evolve PCI Security Standards and programs for securing pay... READ MORE

Video: Strong Passwords

Posted by Laura K. Gray on 3 May, 2018 in Small Business and Passwords and Awareness and QIR and Small Merchant Resources and Video

The use of weak and default passwords is one of the leading causes of payment data breaches for busi... READ MORE

Infographic: Secure Remote Access

Posted by Laura K. Gray on 27 Apr, 2018 in Infographic and Awareness and QIR and Multi-Factor Authentication and Remote Access

Insecure remote access is one of the leading causes of payment data breaches for businesses. READ MORE

PCI Software-based PIN Entry on COTS Program Now Available

Posted by Laura K. Gray on 24 Apr, 2018 in Software and Apps and Interview and Mobile and SPoC

Earlier this year, the PCI SSC published the PCI Software-based PIN Entry on COTS (SPoC) Standard, w... READ MORE

New FAQs on Software-based PIN Entry on COTS

Posted by Laura K. Gray on 20 Apr, 2018 in Software and Apps and Interview and Mobile and SPoC

Earlier this year, the PCI SSC published the PCI Software-based PIN Entry on COTS (SPoC) Standard, w... READ MORE

Coming Soon: Minor PCI DSS Revision

Posted by Laura K. Gray on 18 Apr, 2018 in PCI DSS

A minor revision to the PCI Data Security Standard (PCI DSS) will be published next month. The new... READ MORE

PCI P2PE in Practice Case Study: Northwestern University and CardConnect

Posted by Laura K. Gray on 13 Apr, 2018 in Point to Point Encryption (P2PE) and Case Study

With a mission to enhance the level of transactional data security across every payment location o... READ MORE

Video: Secure Remote Access

Posted by Laura K. Gray on 9 Apr, 2018 in Awareness and QIR and Small Merchant Resources and Multi-Factor Authentication and Remote Access and Video

Insecure remote access is one of the leading causes of payment data breaches for businesses. READ MORE

ISACA Partners with PCI SSC to Provide Discount on Industry Certifications

Posted by Laura K. Gray on 5 Apr, 2018 in Certification and Interview and QSA

As introduced in August 2017, in 2019 the PCI SSC will increase the industry-recognized professional... READ MORE

4 Things to Know About PCI DSS in 2018

Posted by Laura K. Gray on 29 Mar, 2018 in TLS/SSL and PCI DSS

What happens next with the PCI Data Security Standard (PCI DSS)? Here we look at key updates and m... READ MORE

Share This: New Resources for Businesses on Payment Data Security Essentials - Featured Image

Q&A with Community Meeting Speaker Steve Marshall

Posted by Lindsay Goodspeed on 22 Mar, 2018 in PCI Forensic Investigator (PFI) and Community Meetings and Interview and BAU and MEAF and QSA and APAC

Community Meetings are hosted by the PCI Security Standards Council in locations around the world. READ MORE

Video: PCI SSC Updates Training and Certification Program for Integrators and Resellers

Posted by Laura K. Gray on 21 Mar, 2018 in Breaches and Patching and Passwords and Certification and Interview and QIR and Remote Access and Video

Watch this video with PCI SSC’s Chief Operating Officer on how training integrators and resellers ... READ MORE

The QIR Program is Changing: Here’s What You Need to Know

Posted by Lindsay Goodspeed on 14 Mar, 2018 in Patching and Passwords and Interview and QIR and Remote Access

The PCI SSC continually listens to feedback and adapts its standards and programs to meet evolving n... READ MORE

Webinar: SSL and Early TLS Migration: Preparing for 30 June Deadline

Posted by Laura K. Gray on 9 Mar, 2018 in Awareness and TLS/SSL and PCI DSS and Encryption and Educational Resource and Webinar

30 June 2018 is the deadline for disabling Secure Sockets Layer/early Transport Layer Security (SSL/... READ MORE

Request for Comments: PCI Software Security Standard Framework

Posted by PCI Security Standards Council on 6 Mar, 2018 in Software and Apps and PA-DSS and Participation and Request for Comments and Software Security Framework

From 6 March to 6 April, PCI SSC stakeholders have the opportunity to review and provide feedback ... READ MORE

PCI Software-based PIN Entry on COTS: Understanding New Test Requirements

Posted by Laura K. Gray on 26 Feb, 2018 in Software and Apps and Interview and PTS POI and Mobile and SPoC

Test Requirements are now available for the recently announced PCI Security Standard for software-ba... READ MORE

Resource Guide: Migrating from SSL and Early TLS

Posted by Laura K. Gray on 14 Feb, 2018 in Awareness and TLS/SSL and PCI DSS and Encryption and Educational Resource and Resource Guide

Is your organization still using Secure Sockets Layer (SSL)/early Transport Layer Security (TLS) pro... READ MORE

PCI Council Supports Data Privacy Day with Free Training

Posted by Lindsay Goodspeed on 25 Jan, 2018 in Training and Patching and Passwords and Awareness and QIR and Data Privacy Day and Remote Access

In support of Data Privacy Day, we’re offering FREE PCI Awareness training to the first 1,000 people... READ MORE

New PCI Software-Based PIN Entry on COTS Standard

Posted by Laura K. Gray on 24 Jan, 2018 in Software and Apps and Interview and Mobile and SPoC

The PCI SSC has announced a new PCI Security Standard for software-based PIN entry on commercial off... READ MORE

Now Accepting Applications for New Associate QSA Program

Posted by Laura K. Gray on 18 Jan, 2018 in QSA

As cybercriminals continue to target payments, cybersecurity skills are critically important to help... READ MORE

PCI Training for Merchants: Which Course is Right for You?

Posted by Laura K. Gray on 3 Jan, 2018 in Training and Awareness and Certification and PCI Professional

People are a critical part of keeping payment data safe and secure. READ MORE

Changes Coming to the QIR Program

Posted by Lindsay Goodspeed on 21 Dec, 2017 in Patching and Passwords and Interview and QIR and Remote Access

The PCI Security Standards Council (PCI SSC) is planning to restructure the Qualified Integrator and... READ MORE

Coming Soon: New PCI Software PIN-Entry on COTS Standard

Posted by Laura K. Gray on 19 Dec, 2017 in Software and Apps and Interview and Mobile and SPoC

The PCI Security Standards Council (PCI SSC) has been working with industry stakeholders to develop ... READ MORE

Request for Comments: PTS POI Standard

Posted by PCI Security Standards Council on 18 Dec, 2017 in PTS POI and Participation and Request for Comments

From 18 December 2017 to 17 January 2018, PCI SSC stakeholders have the opportunity to review and ... READ MORE

PCI DSS Dates to Remember

Posted by Laura K. Gray on 15 Dec, 2017 in TLS/SSL and PCI DSS

With 2018 come important PCI Data Security Standard (PCI DSS) dates to remember. New requirements ... READ MORE

What’s Next for the PCI Software Security Framework?

Posted by Laura K. Gray on 11 Dec, 2017 in Software and Apps and Interview and PA-DSS and Software Security Framework

In an earlier post, Securing Modern Payment Software with a New Software Security Framework, PCI S... READ MORE

PCI DSS and the Travel Industry

Posted by Laura K. Gray on 6 Dec, 2017 in Holidays and Hackers and Interview and PCI DSS and Small Merchant Resources

The International Air Transport Association (IATA) is now requiring that its accredited travel age... READ MORE

Preparing for Launch: Associate QSA Program

Posted by Laura K. Gray on 4 Dec, 2017 in Interview and PCI SSC and QSA

In March 2017 the PCI SSC announced plans to develop an Associate QSA program, as part of a broade... READ MORE

Guidance: Multi-Factor Authentication

Posted by Laura K. Gray on 1 Dec, 2017 in Guidance and Passwords and Multi-Factor Authentication and Educational Resource and Remote Access

Attackers continue to compromise valid user credentials to access company networks and steal payme... READ MORE

PCI SSC Associate Regional Director for Brazil on New Regional Engagement Board

Posted by Laura K. Gray on 21 Nov, 2017 in Participation

The PCI Security Standards Council (PCI SSC) justannounced it will establish a Brazil Regional Engag... READ MORE

PCI 3DS SDK Standard Now Available

Posted by Laura K. Gray on 20 Nov, 2017 in Software and Mobile and 3DS

Following publication of the PCI 3DS Core Security Standard in October, the PCI SSC has published a ... READ MORE

PCI SSC Cryptography Expert on Triple DEA

Posted by Ralph Spencer Poore on 9 Nov, 2017 in TLS/SSL and Encryption and Approved Scanning Vendors

This article is intended to provide awareness and guidance on the use of Triple DEA (also known as... READ MORE

Serve on the first PCI SSC Brazil Regional Engagement Board: Nominate Now

Posted by Laura K. Gray on 3 Nov, 2017 in Participation

The first ever Regional Engagement Board is launching in Brazil in January 2018. READ MORE

FAQ: Can card verification codes/values be stored for card-on-file or recurring transactions?

Posted by Laura K. Gray on 2 Nov, 2017 in PCI DSS and FAQ

Did you know that the Frequently Asked Questions (FAQ) resource on the PCI SSC website is updated re... READ MORE

Strong Passwords: Payment Data Security Essential for SMBs

Posted by Laura K. Gray on 1 Nov, 2017 in Small Business and Passwords and QIR and Small Merchant Resources and Cyber Security Awareness Month

Passwords are essential for computer and payment data security. READ MORE

Payment Security in Brazil: New PCI SSC Regional Engagement Board

Posted by Laura K. Gray on 1 Nov, 2017 in Interview and Participation

The PCI Security Standards Council (PCI SSC) just announced the opening of the nomination period for... READ MORE

PCI and the Next Generation of Payment Security

Posted by Laura K. Gray on 26 Oct, 2017 in Software and Community Meetings and PCI DSS and QIR and Multi-Factor Authentication and Third Party Risk and 3DS

PCI SSC Chief Technology Officer Troy Leach talked with PCI Europe Community Meeting attendees in Ba... READ MORE

Payment Security Insights from EUCM Speaker Michael Christodoulides

Posted by Lindsay Goodspeed on 25 Oct, 2017 in Community Meetings and Interview and Small Merchant Resources and BAU and Third Party Risk and Remote Access

In this post, we get insights from Michael Christodoulides CISM, CISA, CRISC, Vice President, Secu... READ MORE

Payment Security Insights with EUCM Speaker Gary Glover

Posted by Lindsay Goodspeed on 25 Oct, 2017 in Community Meetings and Interview and PCI DSS and QIR and QSA and Remote Access

In this post, we get insights from Gary Glover, CISSP, QSA, PA-QSA, CISA, Vice President of Assess... READ MORE

What to Know About the New PCI 3DS Core Security Standard

Posted by Laura K. Gray on 25 Oct, 2017 in Software and eCommerce and Apps and Community Meetings and Interview and Mobile and 3DS

At this week’s PCI Europe Community Meeting in Barcelona, the PCI Security Standards Council (PCI... READ MORE

Payment Security Insights with EUCM Speaker Speaker Tracey Long

Posted by Lindsay Goodspeed on 25 Oct, 2017 in Point to Point Encryption (P2PE) and Community Meetings and Interview

In this post, we get insights from Tracey Long, Senior Payment Security PCI DSS Compliance Manager... READ MORE

Payment Security Insights with EUCM Speaker Jacob Ansari

Posted by Lindsay Goodspeed on 25 Oct, 2017 in Patching and Passwords and Malware and Skimming and Phishing and Community Meetings and Interview and Remote Access

In this post, we get insights from Jacob Ansari, QSA (P2PE), PA-QSA (P2PE), CISSP, Director at Sch... READ MORE

Payment Security Areas to Watch

Posted by Laura K. Gray on 24 Oct, 2017 in Software and Community Meetings and Encryption and IoT and Ransomware

PCI SSC Chief Technology Officer Troy Leach talked with PCI Europe Community Meeting attendees in Ba... READ MORE

Payment Security Insights with EUCM Speaker Chris Novak

Posted by Lindsay Goodspeed on 24 Oct, 2017 in Community Meetings and Interview and BAU

In this post, we get insights from Christopher Novak, Director, Investigative Response Verizon RIS... READ MORE

Request for Comments: PCI Software-Based PIN Entry on COTS Standard

Posted by PCI Security Standards Council on 23 Oct, 2017 in Software and Participation and Mobile and Request for Comments and SPoC

From 23 October to 20 November, PCI SSC stakeholders have the opportunity to review and provide feed... READ MORE

What to Know About the PCI Software-Based PIN Entry on COTS Standard

Posted by Laura K. Gray on 20 Oct, 2017 in Software and Apps and Community Meetings and Interview and Mobile and SPoC

The PCI Security Standards Council has been working with industry stakeholders to develop a security... READ MORE

Securing Modern Payment Software with a New Software Security Framework

Posted by Lindsay Goodspeed on 18 Oct, 2017 in Software and Community Meetings and Interview and PA-DSS and Cloud Security and Software Security Framework

Secure design and development of modern payment software is a key priority for the PCI SSC. READ MORE

Patching: Payment Data Security Essential for SMBs

Posted by Laura K. Gray on 18 Oct, 2017 in Small Business and Patching and QIR and Small Merchant Resources and Cyber Security Awareness Month

When businesses don’t apply software patches from vendors, they open themselves up to attacks, which... READ MORE

Vote Now for 2018 Special Interest Group Projects

Posted by Laura K. Gray on 17 Oct, 2017 in SIGs and Participation

From now through 31 October PCI SSC Participating Organizations are invited to vote on proposals for... READ MORE

Insecure Remote Access: Top Risk for SMBs

Posted by Laura K. Gray on 10 Oct, 2017 in Small Business and Infographic and QIR and Small Merchant Resources and Cyber Security Awareness Month and Third Party Risk and Remote Access

Recent attack trends show that hackers are beginning to move their focus to smaller merchants that h... READ MORE

Infographic: 3 Payment Data Security Essentials SMBs Shouldn’t Ignore

Posted by Laura K. Gray on 3 Oct, 2017 in Small Business and Infographic and Patching and Passwords and Small Merchant Resources and Educational Resource and Remote Access

Attacks on POS systems at brick-and-mortar businesses are on the rise, leading to costly payment d... READ MORE

Request for Comments: PCI Card Production and Provisioning ROCs

Posted by PCI Security Standards Council on 27 Sep, 2017 in Participation and Request for Comments

From 20 September to 20 October, PCI SSC stakeholders have the opportunity to review and provide fee... READ MORE

PCI in Japan: Training for Merchants and Assessors Supports PCI DSS Adoption

Posted by Laura K. Gray on 19 Sep, 2017 in Training and PCI DSS and QSA and APAC

The PCI Security Standards Council continues to work with stakeholders in Japan to help support PCI ... READ MORE

Locking Up Remote Access

Posted by PCI Security Standards Council on 15 Sep, 2017 in Software and Small Business and Point of Sale (POS) and QIR and Multi-Factor Authentication and Third Party Risk and Remote Access

An analysis of account data compromises found that insecure remote access is the #1 point of entry f... READ MORE

Feedback Period: PCI DSS and PA-DSS

Posted by PCI Security Standards Council on 8 Sep, 2017 in PCI DSS and PA-DSS and Participation and Request for Comments

From 6 September to 15 November, PCI SSC stakeholders have the opportunity to provide feedback on th... READ MORE

Council CTO on Verizon’s Payment Security Report

Posted by Lindsay Goodspeed on 31 Aug, 2017 in Small Business and Community Meetings and Interview and QIR and Compliance and Small Merchant Resources and BAU

Verizon recently released its 2017 Payment Security Report. In advance of the upcoming North America... READ MORE

Keeping up to Date with PCI DSS Dates

Posted by Gill Woodcock on 25 Aug, 2017 in TLS/SSL and PCI DSS and Scoping and Segmentation and Multi-Factor Authentication

In our previous post, we highlighted recommendations for preparing for the 30 June 2018 PCI Data Sec... READ MORE

What’s Next for the QSA Program?

Posted by Laura K. Gray on 23 Aug, 2017 in Interview and QSA and 3DS

In March 2017 the PCI SSC announced plans to evolve the PCI Qualified Security Assessors (QSA) Pro... READ MORE

Request for Comments: PCI PIN Standard

Posted by PCI Security Standards Council on 21 Aug, 2017 in Point of Sale (POS) and ATM Security and PTS POI and QSA and Participation and Request for Comments

From 18 August to 18 September, PCI SSC stakeholders have the opportunity to review and provide feed... READ MORE

Associate QSA Program: Coming Soon

Posted by Laura K. Gray on 14 Aug, 2017 in Interview and PCI SSC and QSA

In March 2017 the PCI SSC announced plans to develop an Associate QSA certification program, as pa... READ MORE

FAQ: Is Two-Step Authentication Acceptable for PCI DSS Requirement 8.3?

Posted by Laura K. Gray on 11 Aug, 2017 in Passwords and PCI DSS and Multi-Factor Authentication and FAQ and Remote Access

Did you know that the Frequently Asked Questions (FAQ) resource on the PCI SSC website is updated ... READ MORE

PCI Special Interest Groups: Industry Collaboration at its Best

Posted by Laura K. Gray on 10 Aug, 2017 in Interview and SIGs and Participation

Special Interest Groups (SIGs) are community-driven initiatives that focus on payment security cha... READ MORE

Navigating your Path to Payment Security with the Prioritized Approach to PCI DSS

Posted by Lauren Holloway on 8 Aug, 2017 in PCI DSS and Prioritized Approach

Director of Data Security Standards Lauren Holloway discusses a roadmap organizations can use to m... READ MORE

What’s Next for PCI DSS?

Posted by Laura K. Gray on 3 Aug, 2017 in Interview and PCI DSS

PCI Data Security Standard (PCI DSS) version 3.2 was published in April 2016. In this blog post we... READ MORE

Reducing Risk: SSL/Early TLS Mitigation and Migration

Posted by Laura K. Gray on 28 Jul, 2017 in eCommerce and Patching and Awareness and TLS/SSL and PCI DSS and Encryption

Is your organization still using the SSL/early TLS protocols? Do you work with online and e-commer... READ MORE

The State of Payment Security in Brazil

Posted by Lindsay Goodspeed on 25 Jul, 2017 in Malware and Events and Community Meetings and Interview and ATM Security

Leading up to the Latin America Forum in São Paulo, Brazil, Associate Regional Director Carlos Cae... READ MORE

FAQ: How does Encrypted Cardholder Data Impact PCI DSS Scope?

Posted by Laura K. Gray on 21 Jul, 2017 in Point to Point Encryption (P2PE) and PCI DSS and Scoping and Encryption and FAQ

Did you know that the Frequently Asked Questions (FAQ) resource on the PCI SSC website is updated ... READ MORE

Demystifying the NESA

Posted by Laura K. Gray on 13 Jul, 2017 in Point to Point Encryption (P2PE) and Interview and Encryption and NESA

Point-to-Point Encryption (P2PE) technology makes data unreadable so it has no value to criminals ... READ MORE

Mobile Payment Acceptance: A Look at PCI’s New Software-Based PIN-Entry Initiative

Posted by Laura K. Gray on 10 Jul, 2017 in Software and Interview and PTS POI and Mobile and SPoC

The PCI Security Standards Council has been discussing with stakeholders plans for a new security ... READ MORE

Are You Ready for 30 June 2018? Saying Goodbye to SSL/early TLS

Posted by Laura K. Gray on 30 Jun, 2017 in eCommerce and Patching and Awareness and TLS/SSL and PCI DSS and Encryption

Is your organization still using the SSL/early TLS protocols? Do you work with online and e-commer... READ MORE

Industry Participation Critical to Payment Security

Posted by Mauro Lance on 20 Jun, 2017 in Awareness and Board of Advisors and Participation

At the PCI Security Standards Council (PCI SSC) one of our core values is participation. READ MORE

Resource Guide: Defending Against Phishing Attacks

Posted by Lindsay Goodspeed on 20 Jun, 2017 in Software and Small Business and eCommerce and Phishing and Small Merchant Resources and Educational Resource and Resource Guide

Hackers use phishing and other social engineering methods to target organizations with legitimate-... READ MORE

Council Adds Training to Bolster Secure Payment Application Installation

Posted by Lindsay Goodspeed on 1 Jun, 2017 in Training and Interview and QIR and Remote Access

In 2012 it was reported that 76% of data breaches were a result of security vulnerabilities introd... READ MORE

Consumers in Japan Push Businesses on Payment Security

Posted by Jeremy King on 31 May, 2017 in Breaches and APAC

For a nation at the forefront of technological innovation and adoption, consumers concerns about p... READ MORE

Infographic: It’s Time to Change your Password

Posted by Lindsay Goodspeed on 24 May, 2017 in Infographic and Passwords and Educational Resource

Passwords are critical for computer and payment data security. Just like a lock on the door protec... READ MORE

5 Questions with Swati Sharma

Posted by Lindsay Goodspeed on 12 May, 2017 in Community Meetings and TLS/SSL and Interview and QSA

Leading up to the Asia-Pacific Community Meeting in Bangkok, Thailand, speaker Swati Sharma, QSA, ... READ MORE

5 Questions with Chalee Vorakulpipat

Posted by Lindsay Goodspeed on 8 May, 2017 in Community Meetings and Awareness and Interview

Leading up to the Asia-Pacific Community Meeting in Bangkok, Thailand, keynote speaker Chalee Vora... READ MORE

Cybercrime challenges Asia-Pacific’s business landscape

Posted by Jeremy King on 2 May, 2017 in Breaches and Hackers and PCI SSC

Asia-Pacific is one of the leading regional hotspots for cybercrime. It’s been estimated that busi... READ MORE

Making the E-commerce Channel Safer

Posted by Lindsay Goodspeed on 26 Apr, 2017 in eCommerce and Interview and SIGs

The Council published Best Practices for Securing E-commerce which educates merchants on accepting... READ MORE

Hacking is an Industry – The Cybersecurity Skills Pipeline is not Strong Enough to Keep it at Bay

Posted by Mauro Lance on 25 Apr, 2017 in Training and Hackers and QSA

Hackers are proactive, relentless and constantly testing ways to exploit payment data for financia... READ MORE

Your Smart Home – A Hacker’s Playground?

Posted by Jeremy King on 18 Apr, 2017 in Breaches and PCI SSC and IoT

The truly smart home is closer than we think. A world where the toaster talks to the kettle, and t... READ MORE

Insights from a PCI Forensic Investigator

Posted by Laura K. Gray on 12 Apr, 2017 in PCI Forensic Investigator (PFI) and Breaches and Interview and PCI SSC

At the PCI Acquirer Forum in Las Vegas on 9 May, PCI Forensic Investigator (PFI) Tom Arnold, Payme... READ MORE

Making Payments Safer with PCI P2PE Solutions

Posted by Lindsay Goodspeed on 11 Apr, 2017 in Point to Point Encryption (P2PE) and Interview

Point-to-point encryption (P2PE) protects cardholder data from cybercriminals by encrypting data f... READ MORE

Infographic: Protecting your Payment Data from Malware

Posted by Lindsay Goodspeed on 10 Apr, 2017 in Small Business and Infographic and Malware and Small Merchant Resources and Educational Resource

Hackers use malicious code called malware (also called viruses) to break into computer systems and... READ MORE

Insights from the Verizon Data Breach Investigations Report

Posted by Lindsay Goodspeed on 29 Mar, 2017 in Interview and MEAF and Third Party Risk and Remote Access

In this post, we get insights from Chris Novak, Global Director of Verizon Enterprise Solutions. H... READ MORE

Minding the Cybersecurity Gap: New Associate QSA Program

Posted by Laura K. Gray on 29 Mar, 2017 in Interview and PCI SSC and QSA

At the PCI Middle East and Africa Forum in Cape Town, the PCI SSC announced plans to evolve the PC... READ MORE

Foregenix CEO on State of Payments in the African Region

Posted by Lindsay Goodspeed on 23 Mar, 2017 in Point to Point Encryption (P2PE) and Interview and MEAF

In this post, we get insights from Andrew Henwood CEO, Foregenix. He will present Local is Lekker:... READ MORE

Making a Global Impact: Shaping Payment Security in 2017

Posted by Laura K. Gray on 15 Mar, 2017 in Interview and Board of Advisors

The PCI Security Standards Council (PCI SSC) recently announced the election period for the next P... READ MORE

How the SHA-1 Collision Impacts Security of Payments

Posted by Lindsay Goodspeed on 14 Mar, 2017 in Guidance and Encryption and PTS POI

Recently, Google and CWI Institute in Amsterdam announced that they successfully created a “hash col... READ MORE

Resource Guide: Preventing Skimming Attacks

Posted by Lindsay Goodspeed on 6 Mar, 2017 in Small Business and Skimming and Point of Sale (POS) and Small Merchant Resources and ATM Security and Educational Resource and Resource Guide

“Skimming devices” sweep up your customers’ payment card data off the magnetic stripe when swiped ... READ MORE

Making a Global Impact: Cartes Bancaires

Posted by Laura K. Gray on 20 Feb, 2017 in Interview and Board of Advisors

The PCI Security Standards Council (PCI SSC) recently announced the nomination period for the next... READ MORE

Special Interest Group Q&A on E-Commerce Best Practices

Posted by Lindsay Goodspeed on 15 Feb, 2017 in eCommerce and SIGs

The Council just published Best Practices for Securing E-commerce which educates merchants on accept... READ MORE

Making a Global Impact: Wells Fargo

Posted by Laura K. Gray on 13 Feb, 2017 in Interview and Board of Advisors

The PCI Security Standards Council (PCI SSC) recently announced the nomination period for the next... READ MORE

Understanding New PCI Guidance on MFA

Posted by Laura K. Gray on 9 Feb, 2017 in Guidance and Passwords and Interview and PCI DSS and Multi-Factor Authentication and PCI SSC

Attackers continue to compromise valid credentials to access company networks and steal data. To h... READ MORE

Making a Global Impact: Ingenico

Posted by Laura K. Gray on 7 Feb, 2017 in Interview and Board of Advisors

The PCI Security Standards Council (PCI SSC) recently announced the nomination period for the next... READ MORE

Resource Guide: Defending Against Ransomware

Posted by Lindsay Goodspeed on 6 Feb, 2017 in Software and Small Business and eCommerce and Malware and Small Merchant Resources and Educational Resource and Ransomware and Resource Guide

Ransomware is the fastest growing malware threat. In a ransomware attack, criminals will infiltrat... READ MORE

Making a Global Impact: Barclaycard

Posted by Laura K. Gray on 1 Feb, 2017 in Interview and Board of Advisors

The PCI Security Standards Council (PCI SSC) recently announced the nomination period for the next... READ MORE

Council CTO on E-commerce Best Practices

Posted by Lindsay Goodspeed on 31 Jan, 2017 in eCommerce and TLS/SSL and SIGs

The Council just published Best Practices for Securing E-commerce which educates merchants on acce... READ MORE

What do new PCI DSS SAQ changes mean?

Posted by Laura K. Gray on 30 Jan, 2017 in PCI DSS

Self-Assessment Questionnaires (SAQ) are forms used by eligible organizations to report the result... READ MORE

Google Warns Users of Insecure Sites: What You Need to Know

Posted by Lindsay Goodspeed on 25 Jan, 2017 in Small Business and eCommerce and TLS/SSL and SIGs

By the end of January, Google will update its Chrome browser to warn users when a website that acc... READ MORE

Making a Global Impact: Worldpay

Posted by Laura K. Gray on 25 Jan, 2017 in Interview and Board of Advisors

The PCI Security Standards Council (PCI SSC) recently announced the nomination period for the next... READ MORE

3 Things To Know About Ransomware, Fast

Posted by Laura K. Gray on 24 Jan, 2017 in Patching and Malware and Hackers and Phishing and Data Privacy Day and Ransomware

In the spirit of Data Privacy Day and raising awareness around safeguarding data against cybercrim... READ MORE

Resource Guide: Tips to Protect Online Businesses from Cyberattack

Posted by Lindsay Goodspeed on 3 Jan, 2017 in Small Business and eCommerce and Patching and Passwords and Malware and Small Merchant Resources and Educational Resource and Resource Guide

Small and medium businesses are a growing target for cybercriminals. Using the internet, data thie... READ MORE

SMB Security Tips: Protect Your Business from the Internet

Posted by Laura K. Gray on 21 Dec, 2016 in Small Business and Breaches and Hackers and Small Merchant Resources and SMB Series

Small and medium businesses around the world are increasingly at risk for payment data theft. Near... READ MORE

SMB Security Tips: Devalue Your Payment Card Data

Posted by Laura K. Gray on 21 Dec, 2016 in Small Business and Breaches and Hackers and Small Merchant Resources and SMB Series

Small and medium businesses around the world are increasingly at risk for payment data theft. Near... READ MORE

SMB Security Tips: Check for Software “Bugs”

Posted by Laura K. Gray on 20 Dec, 2016 in Small Business and Breaches and Hackers and Small Merchant Resources and SMB Series

Small and medium businesses around the world are increasingly at risk for payment data theft. Near... READ MORE

SMB Security Tips: Fight Off Malware

Posted by Laura K. Gray on 19 Dec, 2016 in Small Business and Breaches and Malware and Hackers and Small Merchant Resources and SMB Series

Small and medium businesses around the world are increasingly at risk for payment data theft. Near... READ MORE

Assessor Viewpoint: Q&A on Scoping and Segmentation Guidance

Posted by Lindsay Goodspeed on 15 Dec, 2016 in Guidance and Interview and PCI DSS and Scoping and Segmentation

The Council just published new Guidance for PCI DSS Scoping and Network Segmentation to help clarify... READ MORE

SMB Security Tips: Don’t Leave the Door Open for Hackers

Posted by Laura K. Gray on 9 Dec, 2016 in Small Business and Breaches and Hackers and Small Merchant Resources and SMB Series and Remote Access

Small and medium businesses around the world are increasingly at risk for payment data theft. Near... READ MORE

Council CTO Discusses Scoping and Segmentation Guidance

Posted by Lindsay Goodspeed on 9 Dec, 2016 in Interview and PCI DSS and Scoping

The Council just published new Guidance for PCI DSS Scoping and Network Segmentation to help clarify... READ MORE

Worldpay: Fighting Back Against Fraud with PCI P2PE

Posted by Laura K. Gray on 30 Nov, 2016 in Small Business and Point to Point Encryption (P2PE) and Interview and Small Merchant Resources

Point-to-Point Encryption (P2PE) technology makes data unreadable so it has no value to criminals ev... READ MORE

SMB Security: 3 Steps To Protect Online Businesses Against Cybercrime

Posted by Elizabeth Terry on 29 Nov, 2016 in Software and Small Business and Holidays and eCommerce and Breaches and Patching and Passwords and Hackers and Phishing and Small Merchant Resources and SMB Series

With the holidays around the corner and with 57% of consumers shopping online (National Retail Fed... READ MORE

SMB Security Tips: Keep Hackers Out!

Posted by Laura K. Gray on 22 Nov, 2016 in Small Business and Small Merchant Resources and SMB Series

Small and medium businesses around the world are increasingly at risk for payment data theft. Near... READ MORE

P2PE: Assessing Non-listed Encryption Solutions

Posted by Laura K. Gray on 22 Nov, 2016 in Point to Point Encryption (P2PE)

Point-to-Point Encryption (P2PE) technology makes data unreadable so it has no value to criminals ... READ MORE

5 Questions with Community Meeting Speaker David Phister

Posted by Lindsay Goodspeed on 16 Nov, 2016 in Community Meetings and Interview and ATM Security

In this post, we get insights from David Phister, Diebold Nixdorf Product Management – Platform Se... READ MORE

SMB Security Tips: Vendor Security

Posted by Laura K. Gray on 10 Nov, 2016 in Small Business and Small Merchant Resources and SMB Series and Remote Access

Small and medium businesses around the world are increasingly at risk for payment data theft. Nearly... READ MORE

SMB Security Tips: There’s a Patch for That!

Posted by Laura K. Gray on 28 Oct, 2016 in Small Business and Patching and Small Merchant Resources and SMB Series

Small and medium businesses around the world are increasingly at risk for payment data theft. Nearly... READ MORE

Cyber Security Awareness Month: Building a Culture of Security

Posted by Lindsay Goodspeed on 28 Oct, 2016 in Small Business and Interview and PCI DSS and Cyber Security Awareness Month and BAU

As an Official Champion of National Cyber Security Awareness Month (NCSAM), the PCI Council will b... READ MORE

How Awareness Training Can Reduce Data Breach Costs

Posted by Lindsay Goodspeed on 27 Oct, 2016 in Training and Phishing and Awareness and Interview and Cyber Security Awareness Month

To mark Global Payment Security Education Week: 24-28 October 2016, the PCI Council is offering fr... READ MORE

5 Questions with Community Meeting Speaker Brian Hussey

Posted by Lindsay Goodspeed on 19 Oct, 2016 in Community Meetings and Interview

In this post, we get insights from Brian Hussey, Global Director of Incident Response & Readiness ... READ MORE

SMB Security Tips: Inspect and Protect

Posted by Laura K. Gray on 18 Oct, 2016 in Small Business and Small Merchant Resources and SMB Series

Small and medium businesses around the world are increasingly at risk for payment data theft. Near... READ MORE

5 Questions with Community Meeting Speaker Christopher Novak

Posted by Lindsay Goodspeed on 18 Oct, 2016 in Small Business and Community Meetings and Interview

In this post, we get insights from Christopher Novak, Director, Investigative Response, Verizon RI... READ MORE

5 Questions with Community Meeting Speaker Chris Strand

Posted by Lindsay Goodspeed on 17 Oct, 2016 in Community Meetings and Interview

In this post, we get insights from Chris Strand, Security and Risk Compliance Officer at Carbon Bl... READ MORE

How Company Culture Can Defend Against Cyber Attacks

Posted by Lindsay Goodspeed on 13 Oct, 2016 in Small Business and Point to Point Encryption (P2PE) and Passwords and PCI DSS and Cyber Security Awareness Month

As an Official Champion of National Cyber Security Awareness Month (NCSAM), the Council will be sh... READ MORE

Securing Account Data with Point-to-Point Encryption

Posted by Laura K. Gray on 12 Oct, 2016 in Point to Point Encryption (P2PE) and Interview

Point-to-Point Encryption (P2PE) is a critical technology for devaluing payment card data and prev... READ MORE

SMB Security Tips: If You Don’t Need It, Don’t Store It

Posted by Laura K. Gray on 10 Oct, 2016 in Small Business and Small Merchant Resources and SMB Series

Small and medium businesses around the world are increasingly at risk for payment data theft. Near... READ MORE

SMB Security Tips: The Power of the Password

Posted by Laura K. Gray on 7 Oct, 2016 in Small Business and Passwords and Small Merchant Resources and SMB Series

Small and medium businesses around the world are increasingly at risk for payment data theft. Near... READ MORE

Cyber Security Awareness Month: Phishing

Posted by Lindsay Goodspeed on 6 Oct, 2016 in Phishing and Community Meetings and Cyber Security Awareness Month

As an Official Champion of National Cyber Security Awareness Month (NCSAM), the Council will be sh... READ MORE

5 Questions with Community Meeting Speaker Beth O’Brien

Posted by Laura K. Gray on 19 Sep, 2016 in Passwords and Community Meetings and Interview

In this post, we get insights from Beth O’Brien, Principal Product Marketing Manager, RSA, The Sec... READ MORE

5 Questions with Community Meeting Speaker Peggy Nolan

Posted by Laura K. Gray on 16 Sep, 2016 in Community Meetings and Interview and SIGs

In this post, we get insights from Peggy Nolan Principal IT Compliance Analyst at Liberty Mutual G... READ MORE

5 Questions with Community Meeting Speaker Tim Rohrbaugh

Posted by Laura K. Gray on 14 Sep, 2016 in Community Meetings and Interview

In this post, we get insights from Tim Rohrbaugh, VP North America, ControlCase, along with Kishor... READ MORE

The North America Community Meeting Mobile App is Here!

Posted by Laura K. Gray on 14 Sep, 2016 in Community Meetings

The North America Community Meeting mobile app is a free and easy-to-use resource. Access the latest... READ MORE

5 Questions with Community Meeting Speaker Joseph Pierini

Posted by Laura K. Gray on 13 Sep, 2016 in Community Meetings and Interview and Penetration Testing and SIGs

In this post, we get insights from Joseph Pierini, Director of Technical Services at Payment Softw... READ MORE

5 Questions with Community Meeting Speaker Jacob Ansari

Posted by Laura K. Gray on 12 Sep, 2016 in Community Meetings and Interview and Compliance

In this post, we get insights from Jacob Ansari, Manager at Schellman & Company, Inc. He will pres... READ MORE

Amazon Web Services: Cloud Security and PCI DSS 3.2 Compliance

Posted by Laura K. Gray on 9 Sep, 2016 in Community Meetings and Interview and PCI DSS and Cloud Security

Cloud service provider Amazon Web Services (AWS) recently announced its successful adoption of the l... READ MORE

5 Questions with Greg Johnson

Posted by Laura K. Gray on 1 Sep, 2016 in Passwords and Community Meetings and Interview

In this post, we get insights from Greg Johnson, Vice President of business development at A-Lign. H... READ MORE

National Restaurant Association: The Bottom Line: Your Business is at Risk

Posted by Laura K. Gray on 26 Jul, 2016 in Small Business and Interview and PCI DSS

In this blog post we talk with the National Restaurant Association’s David Matthews, co-chair of the... READ MORE

Barclaycard: Simplifying payment security

Posted by Laura K. Gray on 19 Jul, 2016 in Small Business and Interview and PCI DSS

The PCI Security Standards Council (PCI SSC) Small Merchant Taskforce recently published a set of pa... READ MORE

Focusing on the Fundamentals: Payment Protection Resources for Small Businesses

Posted by Laura K. Gray on 7 Jul, 2016 in Small Business and Interview and PCI DSS

The Council has just published a set of payment data protection basics for small businesses. READ MORE

Assessor Viewpoint: Adopting PCI DSS 3.2, multi-factor authentication and more

Posted by Laura K. Gray on 1 Jun, 2016 in Passwords and TLS/SSL and Interview and PCI DSS and Multi-Factor Authentication

Following publication of PCI Data Security Standard version 3.2 (PCI DSS) we sat down with READ MORE

PA-DSS 3.2: What’s New?

Posted by Laura K. Gray on 27 May, 2016 in Interview and PCI DSS and PA-DSS and QIR and Remote Access

The Council has just released version 3.2 of the Payment Application Data Security Standard (PA-DSS)... READ MORE

PCI DSS 3.2: What’s New with SAQs

Posted by Laura K. Gray on 3 May, 2016 in TLS/SSL and Interview and PCI DSS

In our previous PCI DSS 3.2: What’s New? post, we outlined the key changes in the latest version of ... READ MORE

PCI DSS 3.2: What’s New?

Posted by Laura K. Gray on 28 Apr, 2016 in TLS/SSL and Interview and PCI DSS

With the ink barely dry on the newest version of the industry standard for payment data protection, ... READ MORE

Preparing for PCI DSS 3.2: Summary of Changes

Posted by Laura K. Gray on 19 Apr, 2016 in TLS/SSL and Interview and PCI DSS

In our earlier blog post Planning for PCI DSS 3.2: Key Dates, we outlined important dates and milest... READ MORE

SSL/Early TLS: Navigating Payment Application Validations

Posted by Brandy Cumberland on 11 Apr, 2016 in TLS/SSL and Interview

The removal of Secure Sockets Layer (SSL)/ early Transport Layer Security (TLS) as examples of sec... READ MORE

Why Become a PCI Professional? Here are 3 Good Reasons

Posted by Gill Woodcock on 8 Apr, 2016 in Guidance and Training and Awareness and PCI DSS and PCI Professional

If you are looking at the PCI Professional (PCIP) program you may be asking “What’s in it for me?” o... READ MORE

Planning for PCI DSS 3.2: Key Dates

Posted by Laura K. Gray on 31 Mar, 2016 in TLS/SSL and PCI DSS

In our Preparing for PCI DSS 3.2: What to Expect in 2016 blog post earlier this year, we outlined wh... READ MORE

ECPA and PCI: Collaborating on Global Payment Data Protection

Posted by Laura K. Gray on 22 Mar, 2016 in Interview

In this blog post we talk with International Director Jeremy King on how the European Card Payment A... READ MORE

Chris Novak: "Nobody is Immune from Breaches"

Posted by Laura K. Gray on 17 Mar, 2016 in Interview and Middle East

The PCI Security Standards Council will host the second Middle East Forum on 6-7 April 2016 in Dubai... READ MORE

SSL/Early TLS: Working with an ASV on Failed Scans

Posted by Laura K. Gray on 10 Mar, 2016 in TLS/SSL and Interview

In removing Secure Sockets Layer (SSL)/ early Transport Layer Security (TLS) as examples of secure e... READ MORE

Devaluing Data with Point-to-Point Encryption: 3 Tips for Merchants

Posted by Jeremy King on 4 Mar, 2016 in Point to Point Encryption (P2PE)

There are many points payment card data can be exposed as it travels through a merchant’s systems ... READ MORE

A View from the Middle East with Izdehar Safarini

Posted by Laura K. Gray on 2 Mar, 2016 in Interview and Middle East

The PCI Security Standards Council will host the second Middle East Forum on 6-7 April 2016 in Dubai... READ MORE

Preparing for PCI DSS 3.2: What to Expect in 2016

Posted by Laura K. Gray on 17 Feb, 2016 in TLS/SSL and Interview and PCI DSS

With the December 2015 bulletin extending the deadline for Secure Sockets Layer (SSL)/Early Transpor... READ MORE

Acquirers: The Acquirer Checklist Resource is Available for Download!

Posted by Brandy Cumberland on 5 Feb, 2016 in Acquirers

One exciting topic from our recent PCI Acquirer Forum conference call was the introduction of the op... READ MORE

Assessing and Reporting Against PCI DSS v3.1: The Impact of New Migration Dates for SSL and Early TLS

Posted by Emma Sutcliffe on 3 Feb, 2016 in TLS/SSL

On 18 December 2015 the Council extended the PCI Data Security Standard (PCI DSS) deadline for mig... READ MORE

It's Data Privacy Day! Awareness starts with you.

Posted by Linda Rudder on 28 Jan, 2016 in Training and Awareness

International Data Privacy Day is designed to raise awareness and promote best practices for protect... READ MORE

3 Ways to Protect Against Phishing Attacks in 2016

Posted by Laura K. Gray on 25 Jan, 2016 in Phishing

“Phishing” happens when cybercriminals use specially crafted, seemingly legitimate-looking emails ... READ MORE

Acquirers: There's a PCI Forum Just for You!

Posted by Laura K. Gray on 15 Jan, 2016 in Acquirers and Events

Merchants rely heavily on their acquiring banks to help them with their PCI security efforts. We und... READ MORE

A Closer Look: The PCI Forensic Investigator (PFI) Program

Posted by Gill Woodcock on 8 Jan, 2016 in PCI Forensic Investigator (PFI) and Training and Certification

Data breaches have been in the news a great deal lately, and in the event of a breach of cardholder ... READ MORE

PCI Changes Date for Migrating from SSL and Early TLS

Posted by Laura K. Gray on 5 Jan, 2016 in eCommerce and TLS/SSL

As noted in our initial post in December 2015, the Council officially extended the migration complet... READ MORE

TEST Security: Could You and Your Employees Pass a Security Awareness Test?

Posted by Laura K. Gray on 23 Dec, 2015 in Small Business and Holidays and Passwords

Our 12 Days of Tips series explores how small retailers can ACT now to repel data thieves during thi... READ MORE

TEST Security: Are You Using Tested Products and Vendors?

Posted by Laura K. Gray on 23 Dec, 2015 in Small Business and Point to Point Encryption (P2PE) and Holidays and Vendors and QIR and Remote Access and Validated Payment Applications

Our 12 Days of Tips series explores how small retailers can ACT now to repel data thieves during thi... READ MORE

TEST Security: Who’s Checking Your POS Device for Skimming?

Posted by Laura K. Gray on 23 Dec, 2015 in Small Business and Holidays and Skimming and Point of Sale (POS)

Our 12 Days of Tips series explores how small retailers can ACT now to repel data thieves during thi... READ MORE

TEST Security: Is Your Anti-Hacking Software Working?

Posted by Laura K. Gray on 23 Dec, 2015 in Software and Small Business and Holidays and Patching and Malware and Hackers

Our 12 Days of Tips series explores how small retailers can ACT now to repel data thieves during thi... READ MORE

CHECK Controls: Don’t Lose Your Business to a Bad Password!

Posted by Laura K. Gray on 22 Dec, 2015 in Small Business and Holidays and Passwords

Our 12 Days of Tips series explores how small retailers can ACT now to repel data thieves during thi... READ MORE

Be AWARE: Repelling Attacks by Killer Web Apps

Posted by Laura K. Gray on 22 Dec, 2015 in Small Business and Apps and Malware

Our 12 Days of Tips series explores how small retailers can ACT now to repel data thieves during thi... READ MORE

CHECK Controls: Using a Firewall to Block Attacks from the Internet

Posted by Laura K. Gray on 21 Dec, 2015 in Small Business and Holidays and Patching and Firewalls

Our 12 Days of Tips series explores how small retailers can ACT now to repel data thieves during thi... READ MORE

Date Change for Migrating from SSL and Early TLS

Posted by Laura K. Gray on 18 Dec, 2015 in eCommerce and TLS/SSL

The Payment Card Industry Security Standards Council (PCI SSC) is extending the migration completion... READ MORE

Be AWARE: Restricting Unauthorized Access

Posted by Laura K. Gray on 17 Dec, 2015 in Small Business and Holidays and Apps and QIR and Remote Access

Our 12 Days of Tips series explores how small retailers can ACT now to repel data thieves during thi... READ MORE

CHECK Controls: Plugging Security Holes with Patching

Posted by Laura K. Gray on 17 Dec, 2015 in Small Business and Holidays and Patching and QIR and Approved Scanning Vendors

Our 12 Days of Tips series explores how small retailers can ACT now to repel data thieves during thi... READ MORE

CHECK Controls: Protecting Cardholder Data with Encryption

Posted by Laura K. Gray on 15 Dec, 2015 in Small Business and Point to Point Encryption (P2PE) and Holidays

Our 12 Days of Tips series explores how small retailers can ACT now to repel data thieves during thi... READ MORE

New PCI SSC Blog: PCI Perspectives

Posted by Laura K. Gray on 11 Dec, 2015 in Welcome

It’s official. We’re launching a blog! What does that mean for you? READ MORE

Be AWARE: Malware Is One Gift You Don’t Want This Holiday!

Posted by Laura K. Gray on 11 Nov, 2015 in Software and Small Business and Holidays and Patching and Malware

Our 12-post series explores how small retailers can ACT now to repel data thieves during this prime ... READ MORE

Be AWARE: How “Skimmers” Steal Payment Card Data

Posted by Laura K. Gray on 9 Nov, 2015 in Small Business and Holidays and Skimming

Our 12-post series explores how small retailers can ACT now to repel data thieves during this prime ... READ MORE

ACT now to get ahead of the holiday hacker season!

Posted by Laura K. Gray on 6 Nov, 2015 in Small Business and Holidays

Small Business: You are the prime holiday target for computer hackers! Why should you be concerned? READ MORE

Assessor Viewpoint: On PCI Point-to-Point Encryption (P2PE) Solutions

Posted by Dr. Stephan Engelke on 5 Nov, 2015 in Point to Point Encryption (P2PE)

Many merchants face issues in becoming PCI Data Security Standard (DSS) compliant and maintaining th... READ MORE

Thoughts from the PCI Community Meeting

Posted by Rob Sadowski, RSA on 5 Oct, 2015 in Community Meetings

The annual Community Meetings are the best way for anyone who has a stake in payment security to tak... READ MORE

Collaboration: the Word of the Week

Posted by Kelly Funk on 3 Oct, 2015 in Community Meetings

Who would have thought that a pilot, a journalist, numerous industry experts and myself would all se... READ MORE

The Endgame: Devaluing the Data Infographic

Posted by Laura K. Gray on 30 Sep, 2015 in Infographic and Community Meetings

“Let’s talk about our endgame. It’s about devaluing the data.” That’s how General Manager Stephen Or... READ MORE

New Guidance: Responding to a Data Breach

Posted by Laura K. Gray on 29 Sep, 2015 in Breaches and Guidance and Community Meetings

For any organization connected to the internet, it is not a question of if but when their business w... READ MORE

Mobile App: A Convenient Resource At Your Fingertips

Posted by Linda Rudder on 22 Sep, 2015 in Community Meetings

It’s the Community Meeting Mobile App – and it’s simple to use! With this resource, you can access t... READ MORE

How Blockchain Technology Offers Improvements to Payment Security

Posted by Laura K. Gray on 22 Sep, 2015 in Community Meetings

In this post, we get insights from Ashok Misra, CISSP, Founder at Alina Consultants. He will present... READ MORE

Training Opportunities at the Community Meetings

Posted by Linda Rudder on 3 Sep, 2015 in Training and Community Meetings

You already know the PCI SSC Community Meetings are a unique opportunity to get the latest technolog... READ MORE

Myths and Realities of PCI DSS Compliance in the Cloud

Posted by Laura K. Gray on 24 Aug, 2015 in Community Meetings

In this post, we get insights from Eric Naiburg, Director of Marketing at INetU. He will present in ... READ MORE

City of Calgary: The Big Picture of PCI DSS Compliance

Posted by Laura K. Gray on 20 Aug, 2015 in Community Meetings

In this blog post, we get insights from Lynda Daniluk, PCI Coordinator at the City of Calgary. She w... READ MORE