Annual Meeting Brings Together Industry Leaders to Collaborate on Evolving Standards and Solutions for the Future of Payment Security
BOSTON, Mass. 12 September 2024 — Nearly 1500 in-person and online stakeholders attended the PCI SSC North America Community Meeting, a collaborative forum for leaders in the payment security industry. The multi-day event featured discussions on the upcoming March 2025 deadline to adopt the 51 future-dated requirements of PCI DSS v4.0, insights into the latest threats to payment security, and the importance of cross-industry collaboration to defend against these threats.
The week kicked off with a special keynote address from the Council’s new Executive Director Gina Gobeyn. The keynote focused on the evolution of the organization and the importance of continued collaboration to shape the future of payment security together. She was joined on stage by the Council’s new Head of Engagement Diana Greenhaw and new Head of Product and Technology Deanne Zettler, who collectively represent the first all-female leadership team at PCI SSC.
“The North America Community Meeting is really the first opportunity of the year when we have a chance to meet face-to-face with the payment security industry and demonstrate the continued evolution of not only technology and payments, but also how we’re evolving at the Council to meet the needs of our stakeholders,” said PCI SSC Executive Director Gina Gobeyn. “We have so much change to share this year – from the transformation of our leadership team to the evolution of our standards and programs – and we are so excited about what the future holds for this industry. We are committed more than ever to working in tandem with our stakeholders to remain steadfast against threats and keep pace with the rapid change of payment technology.”
The Council provided a deeper look into the evolving landscape of payment security standards through a presentation from PCI SSC’s Vice President, Solutions, Andrew Jamieson. As Andrew examined how the Council’s current portfolio of 15 standards work together, he announced PCI SSC’s efforts to consolidate and align its standards portfolio, to make it easier for people working within the purview of multiple standards to meet their obligations. As an example of this work, he introduced a new, combined Key Management Operations (KMO) standard, which will integrate requirements from PCI PIN and P2PE.
“To remain ready for the future, PCI SSC must adapt and change through updating and aligning its standards, programs, and training. Every PCI SSC standard will be affected over the next few years, whether it is through consolidating or deviating where necessary,” said Andrew Jamieson. “The most important part of this process is that we cannot do it alone. Payment industry stakeholders have a significant opportunity to influence these changes, and we need their input to ensure we continue to secure payments into the future. Now is a great time to get involved with the Council and have your voice heard in the evolutional direction of payment security standards.”
Top of mind for many in the industry is the 31 March 2025 deadline to adopt the 51 future-dated requirements of PCI DSS v4.0. Stakeholders discussed the transition to PCI DSS v4.0 with Council staff. On-stage PCI DSS v4.0 presentations highlighted some of the many resources to help the industry with this transition:
PCI DSS v4.x Resources
- PCI DSS v4.0.1 Published: To address stakeholder feedback and questions received since PCI DSS v4.0 was published in March 2022, PCI SSC published a limited revision to the standard, PCI DSS v4.0.1, which includes corrections to formatting and typographical errors and clarifies the focus and intent of some of the requirements and guidance. There are no additional or deleted requirements in this revision. View the new version.
- New ROC Template: PCI SSC released a new Report on Compliance template for v4.0.1 to align with the standard, to address minor errors, and to reformat the template. PCI SSC also addressed feedback from stakeholders regarding usability and performance. View the new ROC Template.
- New Resource Guide: Vulnerability Scans and Approved Scanning Vendors: This new resource guide is intended for anyone with questions about ASV scans, with a focus on SAQ A merchants completing PCI DSS Requirement 11.3.2 for the first time. In this resource guide, PCI SSC shares key considerations, educational resources, and frequently asked questions to help better understand PCI DSS Requirement 11.3.2, which requires evidence of passing external scans, performed by an ASV, at least once every three months.
Visit the PCI SSC website for more information on all the PCI Council’s efforts and activities including how your organization can attend the next PCI SSC event and join the global cross-industry effort to increase payment security.
Register now to attend the next PCI SSC events:
- Europe Community Meeting in Barcelona, Spain: 8-10 October
- Asia-Pacific Community Meeting in Hanoi, Vietnam: 20-21 November
About the PCI Security Standards Council
The PCI Security Standards Council (PCI SSC) leads a global, cross-industry effort to increase payment security by providing industry-driven, flexible, and effective data security standards and programs that help businesses detect, mitigate, and prevent cyberattacks and breaches. Connect with PCI SSC on LinkedIn. Join the conversation on Instagram and X (formerly Twitter) @PCISSC. Subscribe to the PCI Perspectives Blog. Listen to the Coffee with the Council podcast.
###