FAQ: Assessment Guidance for Non-listed Encryption Solutions
A warm welcome to new POs
14 December Acquirer Forum webinar
2017 Board of Advisor nomination and election process
Middle East & Africa Forum
PCI Awareness eLearning awaits
Miami ISA class now enrolling
As always, if you have questions, concerns, or suggestions on how to improve this weekly communication for POs, please email us at: pcimonitor@pcissc.org.
PCI News & Program Updates
The Council to publish scoping guidance On Friday, the Council will publish Guidance for PCI DSS Scoping and Network Segmentation, which helps clarify basic scoping and segmentation principles provided in the PCI Data Security Standard (PCI DSS). The PCI SSC worked with members of the PCI SSC Board of Advisors and industry subject matter experts to outline methods to help organizations identify the systems that, at a minimum, need to be included in scope for PCI DSS. Additionally, the document provides guidance on how segmentation can be used to help reduce the number of systems that require PCI DSS controls. A draft press release can be viewed here, and a preview of the guidance is available in the PO Portal here. Subscribe to the PCI Perspectives blog for additional information on the supplement once it is published.
FAQ: Assessment Guidance for Non-listed Encryption Solutions The Council has published a FAQ document to help stakeholders better understand the intent and purpose of recently issued Assessment Guidance for Non-listed Encryption Solutions.
Welcome new POs Over the past month, nine (9) new companies have joined forces with the Council to help keep payments secure.
Allianz Insurance PLC
Surrey, United Kingdom
Cielo S.A.
Sao Paulo, Brazil
City of Tucson
Tucson, AZ United States
Kount Inc.
Boise, ID United States
OnPlan Holdings, LLC
Bannockburn, IL United States
OVH
Roubaix, France
Telefonica O2 UK Limited
Berkshire, United Kingdom
Travis Perkins plc
Northampton, United Kingdom
VTEX Cloud e-Commerce Platform
Sao Paulo, Brazil
Participation Opportunities
Acquirer Forum: Calling all acquirers and processors Join your peers for an interactive discussion with the PCI Council at our Acquirer Forum webinar. Ask us your questions, and get the latest updates on Council initiatives that will help you and your customers protect payment information in 2017.
2017 Board of Advisor nomination and election process The Board of Advisors represents the Council’s Participating Organizations worldwide to ensure global industry involvement in the development of PCI Security Standards. As strategic partners, they bring market, geographical and technical insight to PCI Council plans and projects. The current board completes its term in 2017, and the Council will begin the process of soliciting nominations from Participating Organizations on 23 January 2017. We will follow the same process as we have in previous years, where nominations will be submitted via the PO portal and voting via an electronic ballot.
Please stay tuned to the PCI Monitor for additional communications on this topic. In the meantime, contact secretariat@pcisecuritystandards.org with any questions.
Middle East and Africa Forum: Together we can thwart data breaches Securing payment card data is a global challenge that requires a united approach. Mark your calendar and plan to come to Cape Town, South Africa to attend the Middle East and Africa Forum on 29 March. The Council will share the latest technological and security updates, and will showcase regional perspectives on the future of payments.
In conjunction with the Forum, three training courses are available, allowing attendees to make the most of their travel time and budgets:
New to the industry? Then PCI Awareness eLearning course is for you! In just four-five hours, this self-paced online session will educate you or your staff on the fundamentals of PCI security under PCI DSS 3.2. Available whenever you are – at home, at work, on the road, you can study whenever it fits your schedule. The online course provides a basic understanding of how PCI DSS requirements can help protect cardholder data. Read the course description.
We also offer PCI Awareness training as a Corporate Group Training option. We can come to your chosen location to deliver the curriculum to your team in one day. A great, interactive way to engage your team so they can all contribute to building a more secure payment environment.
Applications must be in by 3 January. Take two days to learn how to improve security and conduct assessments for your organization’s payment card data. Don’t wait - these classes sell out fast!
