Not rendering correctly? View this email as a web page here.
 In This Issue: 8 February 2017
  • New guidance on multi-factor authentication
  • Provide your feedback on P2PE
  • Submit your BOA nomination today
  • Regional insights and training opportunities at the Middle East & Africa Forum
  • Asia-Pacific Community Meeting to be held in May this year
  • ISA classes scheduled worldwide

As always, if you have questions, concerns, or suggestions on how to improve this weekly communication for POs, please email us at:


New Guidance on Multi-Factor Authentication
Attackers continue to compromise valid credentials to access company networks and steal data. To help organizations combat this growing threat, the PCI SSC will issue guidance on multi-factor authentication (MFA). MFA provides a higher degree of assurance of the identity of individuals attempting to access computers and systems that are part of the cardholder data environment.

The PCI Data Security Standard (PCI DSS) currently requires MFA for remote access (originating from outside a company’s network) where that remote access could lead to access to the cardholder data environment. Effective 1 February 2018, MFA will also be required for administrative personnel with non-console access (administered or managed over a network) into the cardholder data environment.

The MFA guidance will provide industry-accepted principles and best practices for MFA, including considerations for common implementation scenarios. Note that use of this guidance is not required to meet PCI DSS Requirement 8.3 and its sub-requirements; but we encourage organizations to use this guidance when evaluating all new or current MFA implementations. The guidance will be available in the document library on the PCI SSC website later this week.


Provide Your Feedback on P2PE
The PCI Council is evaluating a potential update to the PCI Point-to-Point Encryption (P2PE) Standard in 2018, or sooner if necessary.

As a Participating Organization, your company has the opportunity to provide comments on changes you’d like to see made to the PCI P2PE standard and supporting program in the next revision.

Based on market response to PCI P2PE version 2.0, the PCI Council is exploring minor modifications to make the standard more flexible and easier to use, such as adding more flexibility for component providers (e.g., Domains 1 and 6), and fine-tuning the listing process.

Please visit the PO Portal for more information and to provide specific feedback on PCI Point-to-Point Encryption (P2PE) Standard version 2.0 and the supporting PCI P2PE Program. The comment period closes on 4 April. 

 > Visit the portal



Run for the PCI SSC Board of Advisors
A global view requires local understanding. Effective standards and resources are developed with practical, on-the-ground insights from industry leaders.

Demonstrate your expertise and leadership and impact payment security globally – run for the 2017-2019 PCI SSC Board of Advisors. As a Participating Organization (PO) in good standing, you may submit nominations via the PO portal through Monday 27 February 2017.

The Board of Advisors are strategic partners to the SSC bringing geographical, technical and specific vertical market insight to Council plans and projects. The Board reflects the global payment ecosystem and elected seats are available in the following five categories: merchant (6), financial institution (3), processor (3), vendor (3) and association/nonprofit (3).

Make sure your region is represented. Make sure your industry is represented. Submit your nomination today.

 > More information


Together We Can Thwart Data Breaches
Securing payment card data is a global challenge that requires a united approach. Please come to Cape Town to attend the PCI Middle East & Africa Forum on 29 March. This free event features a robust agenda with engaging speakers and the opportunity to network with regional industry leaders. Register now.

In conjunction with the Forum, three training courses are available, allowing attendees to make the most of their travel time and budgets:

> Check out Forum training options 


PCI Asia-Pacific Community Meeting Will be Held in May This Year
We’re building a great agenda. Join your colleagues, the best and brightest payment security minds in the industry, to discuss the latest on PCI in the Asia-Pacific region. Click here to register for the 2017 meeting. Remember, as PO you get two complimentary passes!

Looking for more exposure for your company? Learn more about participating in the vendor showcase. Also, be sure to check out the variety of sponsorship opportunities available. You could sponsor a reception, the welcome kit, or choose one of the other options to maximize your brand visibility at the meeting this year.

 > Register here
 > Call for Speakers



Worldwide Locations for ISA Training
Wherever you are in the world – we have an ISA training class for you…

Over the next three months we have Internal Security Assessor (ISA) classes scheduled in Africa, Asia-Pacific, Europe, and North America. In this interactive two-day session, you’ll get practical hands-on experience on the requirements for PCI compliance as well as assessment and remediation techniques. Read the course description – and enroll in the class that’s most convenient for you.

  • Cape Town: 27-28 March (the two days just preceding the PCI Middle East and Africa Forum which is on 29 March)
  • Austin, TX: 27-28 March
  • London: 18-19 April
  • Bangkok: 15-16 May (the two days just preceding the PCI Asia Pacific Community Meeting which is on 17-18 May)

 > Apply for ISA training



Merchant Payments Ecosystem 2017
16 Feb – Berlin, Germany
Presenter: Jeremy King

Travel Technology Europe Show
22 Feb – Olympia, London
Presenter: Jeremy King

14 March – Buenos Aires, Argentina
Presenter: Carlos Caetano

MAC Conference
22 March – Las Vegas, NV
Presenter: Troy Leach

PCI Middle East & Africa Forum
29 March – Cape Town, South Africa

Stay up to date with PCI Security Standards Council! Follow us today.

linkedin-rounded.png twitter-rounded.png blog-rounded.png