PCI Security

Mapping PCI DSS v. 3.2.1 to the NIST Cybersecurity Framework v. 1.1   How meeting PCI DSS requirements can help toward achieving Framework outcomes for payment environments.  On the blog, we cover basic questions about the newly released Mapping of PCI DSS to the NIST Cybersecurity ... read more

Did you know that the Frequently Asked Questions (FAQ) resource on the PCI SSC website is updated regularly to address common questions the PCI SSC receives from stakeholders? This searchable tool includes a library of questions and answers on a variety of topics across PCI Security Standards ... read more

The PCI PIN Security Requirements and Testing Procedures (PCI PIN Security Standard) require implementation of Key Blocks.  On the blog, we cover basic questions about this security method and how it helps secure payment data. ... read more

PCI SSC has announced the rollout of the Secure Software Lifecycle (Secure SLC) and Secure Software Programs. These new validation programs are intended for use by payment software vendors to demonstrate that both their development practices and their payment software products address overall software security resiliency ... read more

The PIN Security Requirements 18-3 Key Blocks Information Supplement provides a series of FAQs to help PIN acquiring entities with implementation of cryptographic key blocks in accordance with requirement 18-3 in the PCI PIN Security Requirements v3.0.  ... read more

  PCI SSC recently completed the first of two request for comments (RFC) periods on the draft PCI Contactless Payments on COTS Standard and published a Magnetic Stripe Readers (MSR) Annex to the Software-based PIN Entry on COTS (SPoC) Standard. ... read more

  Who will be eligible to conduct assessments under the PCI Software Security Framework? How will the assessor qualification process work? When will training be available? ... read more

  From 20 May to 19 June, PCI SSC stakeholders can participate in a Request for Comments (RFC) on the P2PE Standard v3.0 draft. RFC periods are avenues for PCI SSC stakeholders to provide feedback on existing and new PCI Security Standards. ... read more

New validation programs are being developed to support the PCI Software Security Standards. Together, these standards and programs provide payment software vendors with the PCI Software Security Framework for designing, developing and maintaining modern payment software. ... read more

What do stakeholders need to know about PCI Security Standards in 2019? PCI SSC Chief Technology Officer Troy Leach provides an update on what to expect for changes to existing standards and a look at those in development this year.   ... read more

PCI SSC is in the process of launching a new program to train and qualify security professionals to perform assessments using the Card Production Security Standards. Gill Woodcock, Senior Director of Certification Programs, provides an update on this effort and how it will improve the security ... read more

A little more than a year into his role as Executive Director, Lance Johnson provides an update on where the PCI Security Standards Council (PCI SSC) started and where it’s headed, including a strategic look at top priorities and what stakeholders can expect in 2019, and ... read more

In 2015 the PCI SSC created the Small Merchant Taskforce, a cross-industry consortium of payment security experts, merchant groups and small merchant advocates, to create educational material and suggested next steps to assess risk within a small business environment.  ... read more

PCI SSC has begun efforts on PCI Data Security Standard version 4.0 (PCI DSS v4.0). Here we provide more insight into the development process and how PCI SSC is looking at changing the standard to support businesses around the world in their efforts to safeguard payment ... read more

Associate Regional Director for India, Nitin Bhatnagar, provides an update on PCI SSC efforts in the region ahead of the first ever PCI India Forum, taking place on 13 March in Delhi. ... read more