Payment Security Industry Leaders Collaborate to Help Protect Payment Data and Discuss the Modern Threat Landscape
DUBLIN, 26 October 2023 — More than 700 in person and online stakeholders from Europe and around the world convened this week in Dublin for the Payment Card Industry Security Standards Council (PCI SSC) Europe Community Meeting. The multi-day event focused on updates in payment security standards and programs, and provided industry stakeholders with opportunities to learn, share, network, and discuss the current state of payment security.
A top priority for the PCI SSC at this year’s meeting was to provide insights and answer stakeholder questions regarding the PCI DSS v4.0. Additionally, the Council held discussions and presentations on its Software Security Framework Standards and its new mobile standard, Mobile Payments on COTS (MPoC), which was released late last year. The Council also continues to look for ways to foster collaboration among its global stakeholders. This event is one of the many ways stakeholders can provide feedback, ask questions, and help influence the direction of PCI Security Standards and programs.
“Global industry collaboration is critical to our mission of securing payment data worldwide,” said PCI SSC VP, EMEA, Jeremy King. “The Europe Community Meeting gives us a great opportunity to have important face-to-face discussions with our international community of payment industry stakeholders, which allows us to continue to grow and develop our programs and standards with their input.”
“The Community Meetings are an essential part of what we do at the Council; bringing together a “community” of payment security experts from around the world to share information and learn from each other,” said PCI SSC Executive Director Lance J. Johnson. “This meeting in Dublin underscored just how rapidly the payment landscape continues to evolve and why we must stay vigilant to both the threats and the new technologies in our industry to ensure safer payments worldwide.”
News from the meeting included:
- New PCI DSS v4.0 Resources
- New Self-Assessment Questionnaire (SAQ) documents: Find the newly published Self-Assessment Questionnaire (SAQ) Instructions and Guidelines and SAQ for Software-based PIN Entry on COTS solutions (SPoC) for PCI DSS v4.0 in the PCI SSC Document Library.
- Items Noted for Improvement (INFI) Worksheet: This worksheet is designed to provide a consistent method to identify and document areas needing improvement in an organization’s security posture, to help organizations address those areas and support their ability to maintain security as a continuous process. Read the bulletin here.
- PCI DSS v4.0 Resource Hub: Bookmark the PCI DSS v4.0 Resource Hub to find the most up-to-date Council-created educational materials on PCI DSS v4.0. Recent examples include a slideshow featuring 8 Steps to Take to PCI DSS v4.0 and Questions with the Council, a video series answering common stakeholder questions.
- Secure Software Standard: Web Module The Council explained important security principles of the Secure Software Standard and the new Web Software requirements that are intended to enforce those principles. Read our recent blog post that explores more about the Technical Differences Between the Software Security Framework (SSF) and the now retired Payment Application – Data Security Standard (PA-DSS).
- Mobile Security and Standards In partnership with EMVCo, the Council gave an update on its work regarding mobile payment security through its newest standard, Mobile Payments on COTS (MPoC), while EMVCo discussed its work on mobile payment acceptance. Learn more about the MPoC Standard on the Council’s podcast here: What is Mobile Payments on COTS? Understanding PCI SSC’s New Standard for Mobile Solutions.
- New Participating Organization Program Recent changes to the Council’s Participating Organization Program provide the industry with expanded opportunity to contribute, collaborate, and influence the direction of these standards and programs. Principal Participating Organizations can now provide input to the Council via the following groups:
- Roadmap Roundtable Group (RRG) Members of the RRG play a key part in the Council’s annual strategic planning process and help to drive the Council’s direction and strategic initiatives.
- Technology Guidance Group (TGG) The TGG provides proactive technical oversight for the Council’s standards and programs. Members can provide input on Council standards during the development process before the release of RFCs (Request for Comment) periods.
- PCI SSC Brazil Regional Engagement Board Election The nomination period for the 2024-2025 Brazil Regional Engagement Board opens on 1 November 2023. Participating Organizations and Qualified Security assessor companies have an opportunity to provide regional and industry expertise to the PCI SSC by serving as advisors to the PCI SSC on payment data security issues in Brazil. Learn more about the nomination and election process here: Regional Engagement Board Election.
- PCI Community Job Board In an effort to help connect the industry, PCI SSC launched a new job board this year. Designed to be a centralized resource, the webpage offers a way to make it easier for the payment industry to advertise its available jobs, while also creating an easy-to-use platform for payment security professionals to find those jobs. Read this blog post for additional information: Looking for a Job? Looking for Qualified Talent? Connect on the PCI Community Job Board.
Visit the PCI SSC website for more information on all the PCI Council’s efforts and activities including how your organization can attend the next PCI SSC event and join the global cross-industry effort to increase payment security. Presentations given at the European Community Meeting will be available to watch on-demand in the PCI SSC Global Content Library later this year.
Register now to attend the next PCI SSC event:
- Asia-Pacific Community Meeting: 15-16 November in Kuala Lumpur, Malaysia
About the PCI Security Standards Council
The PCI Security Standards Council (PCI SSC) leads a global, cross-industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent cyberattacks and breaches. Connect with the PCI SSC on LinkedIn. Join the conversation on Twitter @PCISSC. Subscribe to the PCI Perspectives Blog.