Welcome to our podcast series, Coffee with the Council. I'm Alicia Malone, Director of Communications and Public Relations for the PCI Security Standards Council. Well, it is hard to believe that we are already in February, but as we kick off 2026, we want to take a moment to also acknowledge all that the Council accomplished in 2025, including the recent release of the Council’s first-ever Annual Report. Joining me today to talk about this report and what we can expect in the year ahead is PCI SSC's Executive Director, Gina Gobeyn. Welcome, Gina!
Listen to the full episode on Spotify or on your favorite podcast player.
Gina Gobeyn: Thank you, Alicia. I'm happy to be here with you today.
Alicia Malone: So, let's just dive right in, Gina. Tell us a little about the Council’s recently released Annual Report. What is it exactly and why did the Council decide to publish one?
Gina Gobeyn: Absolutely. So, this is the Council’s first ever Annual Report, and we were very intentional about what we wanted it to be.
At its core, the report is a reflection of our mission, our priorities, and the partnerships that make our work possible at the Council. We wanted to tell the story of why we exist, what we're focused on, and how we are working with the global payments ecosystem to advance payment security. Now, the work that the Council does is fundamentally collaborative, and the impact that we drive is for the payments industry with the payments industry.
So, this report is really about transparency of purpose and direction. It's a way for us to step back and reflect on the year, but also to clearly articulate how our mission shows up in the real world and where we're headed together with our community.
Alicia Malone: I love that. Well, the Annual Report is full of great information. Can you walk us through the single most important story or message that it tells about the Council’s year? So, how do you sum up 2025?
Gina Gobeyn: Well, I would say that the defining message of 2025 for the PCI Security Standards Council is this: we moved from intention to execution.
Throughout the year, we were very focused on turning our vision into reality. And that vision is to evolve how we work so that we can better support the advancement of payment security in a fast-moving, highly innovative payment industry, while also strengthening how we're engaging with our global community of stakeholders. So, by evolving the way we work through a more structured product delivery operating model, and by engaging our stakeholders earlier and more often, we're working at the Council to remove waste from our processes, to better understand the impact of change, scale our delivery, and quite frankly, we're working to get it right faster.
And I think that this shift is more visible now in how we are prioritizing our work - we're organizing into product families - and in how we're partnering with our members, as well as you’ll see that the outcomes that we delivered in 2025 make this all very visible in how we are delivering on our mission. In fact, as highlighted in the report, 2025 really was a record year for stakeholder engagement and also one of the most productive years in Council history.
Now, to just give a few examples - I don't want to steal too much thunder from the report itself: last year, we completed five requests for comments. We've released two security standards. We published 98 FAQs, including technical FAQs which, in our world, help to enable agility and drive clarity of some of the security requirements in our standards. As well as a number of those FAQs addressed aligning our information from previous PCI DSS FAQs to align to the most current version, which is PCI DSS v4.0.1. Additionally, last year we issued eight new guidance documents. Eight! And two of those guidance documents focused on artificial intelligence.
Now, AI has rapidly emerged as a critical topic for the payments industry. And we heard that loud and clear from our stakeholders. And the way we responded was by prioritizing practical guidance. And that practical guidance has been well received from our stakeholders. We also launched our new blog, which is AI Exchange: Innovators in Payment Security, which is a blog series that's highlighting the innovative work that's being done by our stakeholders, and how they're using AI across the ecosystem.
Now all of that's important, but I think the real takeaway is not just the volume of activity. The data in the report also reflects increased engagement, deeper participation, and stronger alignment across the ecosystem. And more importantly, it reflects that we are working differently and more effectively together. So, when you look at the report, what you're really seeing is a year where the Council and our community leaned in together. We made deliberate choices, and we delivered impact that goes well beyond just internal PCI milestones. I think it's a story of momentum and one that we're continuing to build on as we look ahead. And, Alicia, to answer your second question, if I had to sum up 2025 in a single phrase, it would be: meaningful progress through collaboration.
Alicia Malone: Well, 2025 was certainly a busy year and I know the information included in the 2025 Annual Report represents meaningful work to you and to the entire PCI SSC team. What would you say you are most proud of?
Gina Gobeyn: When I think about the top takeaways from the report and what I'm most proud of, it all comes back to how we showed up as a mission-driven, community-centric organization at the Council. First, I'm proud of how clearly our mission comes through. And so, this report demonstrates that our work is grounded in purpose. Everything that we focused on in 2025, our priorities, our engagement, our delivery, was aligned to advancing payment security in a way that is practical, scalable, and globally relevant.
And second, the depth and quality of collaboration really stands out for me. One of the most meaningful takeaways is how actively the community participated in not just providing input, but by truly helping to shape our outcomes. The report reflects stronger partnerships, broader global engagement, and also a shared sense of responsibility for advancing security across the ecosystem.
And finally, I'm proud of the momentum we've built. In 2025, it was a year of meaningful progress. And not just in activity, but progress that sets us up well for what's next. I think you can see that in how we're operating, how we're prioritizing, and how we're working to align with the needs of the industry. If I had to sum it up, what I'm most proud of is that this report doesn't just document a year; it captures a turning point. It shows an organization and a community working together with clarity, intention, and impact.
Alicia Malone: Well, Gina, thank you for setting up that great segue because now we're going to shift and talk a little bit about what's next. Specifically, what would you say are the biggest challenges to payment security? And where do you think the biggest opportunities lie for the Council in helping to mitigate those challenges?
Gina Gobeyn: Well, I would offer that the challenge is complexity, but the opportunity is collaboration. And that's where the Council plays a critical role. I think that the 2025 report reinforces that the payment security industry is at a pivotal moment, one where challenges and opportunities are tightly connected.
At the heart of the challenge is the pace and the scale of change. Payments continue to evolve rapidly - new technologies, new players, new use cases - and all of that is happening alongside real time, always-on payments. And together, those dynamics can create an increasingly complex ecosystem. And that complexity can also introduce real risk. We see that there's potential for fragmentation, different approaches, uneven adoption, and of course, the potential for growing gaps between innovation and security.
At the same time, threats become more sophisticated. Technologies like AI are powerful enablers for innovation, but they can also be leveraged with malicious intent. And because payments and threats are global, coordination can be more difficult, but also more essential. And that's also where the opportunity lies, particularly for us at the Council.
One of the biggest opportunities for the Council is to continue serving as a globally trusted resource and the stabilizing force for the industry through our globally recognized industry-driven standards, our programs, and our training. It's the work that we're doing to bring the community together to advance payment security. I like to think of our role as supporting secure innovation. We're helping the payment ecosystem move forward securely and confidently, regardless of geography or technology involved.
The 2025 report highlights the unique position that the Council holds, working closely with industry thought leaders to anticipate change rather than to react to it. So, we're going to continue to deepen this model of engagement. We're going to work with our stakeholders to understand real world security threats, as well as best practice mitigation strategies through our timely information sharing. And that's how we're working to turn complexity into resilience. And so, when I look ahead, I do see real challenges, but I also see tremendous opportunity. If we stay focused on collaboration, transparency, and mission-driven outcomes, we're well positioned to help the industry navigate what's next, and we'll do that together.
Alicia Malone: And speaking of what's next, so 2026 is a big year for the Council as we celebrate its 20th anniversary of securing payments worldwide. Talk to us a little bit more about this milestone.
Gina Gobeyn: Yes, 20 years! So, reaching our 20th anniversary is such a significant milestone for the PCI Security Standards Council. And it's one that we're approaching with a lot of appreciation. Over the past two decades, the payment ecosystem has changed dramatically. We've gone from a much more centralized card-centric environment to a global digital always-on payments landscape. And throughout that evolution, the Council’s mission has remained the same. It's to enhance global payment account data security by developing standards and supporting services that drive education, awareness, and effective implementation by stakeholders. That's quite a mouthful, but in short, it's working to support securing the payment industry with the payment industry.
And what's meaningful about this anniversary isn't just longevity, it's relevance. The fact that the Council continues to play a critical role today is a testament to the strength of our community and the partnerships that have shaped our work over the years. And now we rely more heavily on those partnerships than ever before. We are working to ensure that we are bringing forward standards, programs, training, and the Council’s resources that are the right products for our stakeholders at the right time. Today, our Board of Advisors is made up of the largest cross section of payment players that we've ever worked with. We're working with 64 companies as members of our Board of Advisor group. We have multiple membership levels that are allowing organizations to participate in meaningful ways with the Council in ways that best fit their needs. And from a global representation perspective, we have increased the opportunities to incorporate regional representation into the development of our security standards globally.
So, it's nice to reflect on how far we've all come, but 2026 isn't just about looking back. It's also about recommitting to our mission and asking, what's next? What's on the horizon? What does the next chapter of payment security require? So, as we all mark 20 years, we are certainly celebrating the progress we've made. We're thanking the community that has made it all possible, but we're also looking ahead with purpose. The work isn't done, and in many ways, it's more important than ever.
Alicia Malone: That is so exciting and we will be celebrating the 20th anniversary all year long. So, stay tuned for more announcements. But now that we're in the new year, it's moving so quickly already. Please share what some of your goals are heading into 2026.
Gina Gobeyn: So as much as anything, we want to continue with the momentum gained in 2025 while preparing for what's on the horizon. So, a top priority for us is ensuring that our standards, programs, guidance, and training continue to evolve in the ways that are practical, scalable, and responsive to real-world payments. So that means that we're continuing to work closely with our community, facilitating healthy discussion and sometimes debate. We understand emerging technologies and can anticipate some of their risks. And we're helping to support secure payment innovation without creating unnecessary friction.
As we mark our 20th anniversary, we are very focused on the future. 2026 is an opportunity for us to reinforce the Council’s role as a trusted global payment security resource and to work with our community to set direction for the next chapter of payment security, one that's grounded in transparency, collaboration and long-term impact. So, the year ahead is about continuity and evolution. We're going to stay true to our mission while continuing to adapt how we deliver on it in a rapidly changing environment.
Alicia Malone: That's so wonderful. I can't wait to see what the year holds for the Council. Thank you so much for joining us on Coffee with the Council, Gina, and for sharing your insights into the Annual Report and what's next for the Council in 2026.
Gina Gobeyn: Well, thank you, Alicia. As we wrap up here, I would like to extend a sincere thank you to our community and to our partners around the world. Your engagement and collaboration makes this work possible. We are proud of what we accomplished together and even more excited about what lies ahead. So, thank you for being part of our journey and helping us to continue to advance secure payments worldwide.
Alicia Malone: The Council’s first-ever Annual Report is now available on the PCI SSC website. You can find a link to download it in the blog transcription of this episode.
Like what you’ve heard? Subscribe to PCI SSC’s “Coffee with the Council” podcast by visiting any of the following platforms: Apple Podcasts, Spotify, Amazon Music, Anchor, Castbox, Google Podcasts, iHeartRadio, Pocket Casts, RadioPublic, Stitcher, Audible, Overcast, or Pandora.
