PCI Security

  Driven by a need to improve internal security controls, help improve the company’s interactions with Qualified Security Assessors (QSAs) and increase its credibility with the market, Braspag enrolled a member of its compliance team in Internal Security Assessor (ISA) training. ... read more

  From now through 25 November PCI SSC Participating Organizations are invited to vote on proposals for 2020 Special Interest Group (SIG) projects.  ... read more

  FIS faced the challenge of coordinating several simultaneous assessments across its organization and geographic regions. The company addressed this by implementing common templates and a programmed approach to coordination, which included a strong set of policies enforced throughout the organization. ... read more

The PCI PIN Standard requires implementation of Key Blocks. On this blog, the fourth of the series, we cover basic questions about the Advanced Encryption Standard (AES) and the Triple Data Encryption Standard (TDES) block ciphers and how they relate to key blocks. On our first ... read more

From 1-29 November 2019, the PCI Security Standards Council (PCI SSC) is accepting nominations from companies to serve on the 2020-2021 PCI SSC Brazil Regional Engagement Board. ... read more

  The Payment Card Industry Professional (PCIP) is an individual, entry-level qualification in payment security information and provides you with the tools to help your organization build a secure payment environment. Becoming a PCIP demonstrates a level of understanding that can provide a strong foundation for ... read more

  From 28 October to 13 December 2019, PCI SSC stakeholders can participate in a Request for Comments (RFC) on an early draft of PCI Data Security Standard Version 4.0 (PCI DSS v4.0 Draft v0.1 for RFC). ... read more

  In December, PCI SSC plans to publish a new standard for solutions that enable “tap and go” transactions on merchant smartphones and other commercial-off-the shelf (COTS) mobile devices. ... read more

In his presentation at the 2019 PCI Community Meeting this week in Dublin, Chief Technology Officer Troy Leach reflected on the changes in payments over our history that has influenced upcoming standards such as DSS v4.0, Software Security Framework and the PCI SSC’s new engagement model. ... read more

  The PCI Security Standards Council (PCI SSC) has published a resource guide with key information to help stakeholders plan for transitioning from PA-DSS to the PCI Software Security Framework (SSF). ... read more

  Braspag was challenged with managing the costs involved with implementing and maintaining the PCI Data Security Standard (PCI DSS) and establishing a PCI DSS program. ... read more

  Decolar needed to ensure that PCI Data Security Standard (PCI DSS) controls were being maintained in its cloud environment. ... read more

  PCI SSC has launched a new assessor qualification program to support the PCI Software Security Framework (SSF). ... read more

The PCI P2PE Standard provides a comprehensive set of security requirements for validation of P2PE solutions, applications and components to protect payment card data. Expected in December of 2019, the P2PE v3.0 Standard and Program have been streamlined to facilitate a greater degree of flexibility for industry stakeholders as well as to improve the ... read more

In this interview with the Council’s Global Head of Standards, Emma Sutcliffe, we address key questions about the upcoming request for comments (RFC) on a first draft of PCI Data Security Standard Version 4.0  (PCI DSS v4.0). PCI DSS v4.0 is a key discussion topic at ... read more