The Annual Meeting Fosters Collaboration and Innovation in The Payments Security Industry
PORTLAND, Ore. 14 September 2023 — More than 1,200 in-person and online stakeholders attended the PCI SSC Global Community Meeting, a collaborative forum for leaders in the payment security industry. The multi-day event featured discussions on the upcoming March 2024 retirement of PCI DSS v3.2.1, insights into the latest threats to payment security, and the importance of cross industry collaboration to defend against these threats.
“The North America Community Meeting is a vital opportunity for the industry to come together and exchange ideas on payment security,” said PCI SSC Executive Director Lance J. Johnson. “As an industry-driven organization, our global payment security standards and programs rely on insights from the payments community to ensure they remain steadfast against threats and keep pace with the rapid change of payment technology.”
Recent changes to the Council’s Participating Organization Program provide the industry with expanded opportunity to contribute, collaborate, and influence the direction of these standards and programs. Principal Participating Organizations can now provide input to the Council via the following groups:
- Roadmap Roundtable Group (RRG) Members of the RRG play a key part in the Council’s annual strategic planning process and help to drive the Council’s direction and strategic initiatives.
- Technology Guidance Group (TGG) The TGG provides proactive technical oversight for the Council’s standards and programs. Members have the opportunity to provide input to Council standards during the development process prior to the release of RFCs.
On stage, Emma Sutcliffe, SVP, Standards and Andrew Jamieson, VP, Solutions, presented to attendees how the Council is updating the Standards development process to increase industry input.
“PCI DSS v4.0 is a great example of the Council reacting to the industry’s need for more flexibility and deeper security guidance,” said Emma Sutcliffe. “The newly formed RRG and TTG provide new opportunities for industry feedback throughout the standards development process. The aim is to ensure our standards protect against current and future threats to payment security while enabling payment technology innovation.”
Top of mind for many in the industry is the March 2024 retirement of PCI DSS v3.2.1. Stakeholders were able to discuss the transition to PCI DSS v4.0 with Council staff. On-stage PCI DSS v4.0 presentations highlighted some of the many resources to help the industry with the transition:
PCI DSS v4.0 Resources
- New Self-Assessment Questionnaire (SAQ) documents: Find the newly-published Self-Assessment Questionnaire (SAQ) Instructions and Guidelines and SAQ for Software-based PIN Entry on COTS solutions (SPoC) for PCI DSS v4.0 in the PCI SSC Document Library.
- Items Noted For Improvement (INFI) Worksheet: This worksheet is designed to provide a consistent method to identify and document areas needing improvement in an organization’s security posture, to help organizations address those areas and support their ability to maintain security as a continuous process. Read the bulletin here.
- PCI DSS v4.0 Resource Hub: Bookmark the PCI DSS v4.0 Resource Hub to find the most up-to-date Council-created educational materials on PCI DSS v4.0. Recent examples include a slideshow featuring 8 Steps to Take to PCI DSS v4.0 and Questions with the Council, a video series answering common stakeholder questions.
Visit the PCI SSC website for more information on all of the PCI Council’s efforts and activities including how your organization can attend the next PCI SSC event and join the global cross-industry effort to increase payment security.
Register now to attend the next PCI SSC events:
- Europe Community Meeting in Dublin, Ireland: 24-26 October
- Asia-Pacific Community Meeting in Kuala Lumpur, Malaysia: 15-16 November
About the PCI Security Standards Council
The PCI Security Standards Council (PCI SSC) leads a global, cross-industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent cyberattacks and breaches. Connect with the PCI SSC on LinkedIn. Join the conversation on Twitter @PCISSC. Subscribe to the PCI Perspectives Blog.