The Global Community Forum Featured Guidance from the Council and Industry Leaders on Payment Security Threats and Best Practices in 2021
WAKEFIELD, Mass., 28 October 2021 — Nearly 3,500 stakeholders registered for the PCI SSC Global Community Forum, which provides a platform for leaders in the payment security industry to collaborate and share knowledge on security best practices to protect payment data against cybercrime. The multi-day global virtual event featured insights into the development of the PCI Data Security Standard (PCI DSS) v4.0 and addressed regional payment security trends including discussions on the rapid evolution of mobile payments and the ongoing challenges faced due to the global pandemic. The event included a keynote presentation from J.R. Martinez, a bestselling author, motivational speaker, advocate, and wounded U.S. Army veteran.
“The Global Community Forum brings together global leaders in the payments security industry to learn, share and discuss the current state and future of payment security. Collaboration is a core tenet of the Council; the feedback from this collaboration is what drives the changes to our standards and programs and helps us address changing technologies and emerging threats to payment data,” said PCI SSC Executive Director Lance J. Johnson.
The event included presentations on the upcoming publication of the PCI Data Security Standard v4.0. The flagship payment data security standard is in the final stages of development, after undergoing multiple RFC periods. An exclusive preview draft of the Standard will be made available under a non-disclosure agreement to Participating Organizations, Qualified Security Assessors (QSAs), and Approved Scanning Vendors (ASVs) in January 2022. Public release of the Standard is targeted for March 2022. For more information read the PCI Perspectives Blog: Updated PCI DSS v4.0 Timeline
Other key topics discussed at the meeting included:
- Challenges Resulting from the Global Pandemic
PCI SSC has continued its commitment to listening to industry and stakeholder feedback on how the pandemic impacts the payments ecosystem. As part of that effort, the Council took action by publishing guidelines on performing remote assessments, creating a new 45-minute training course on the basics of working from home in a secure manner, and expanding online training offerings.
- Future of Mobile Standards
The next iteration of PCI SSC mobile standards is designed to support the future evolution of mobile payments. With the working title of Mobile Payments on COTS (MPoC), PCI SSC’s new mobile standard is currently in development and builds on the existing Software-based PIN Entry on COTS (SPoC) and Contactless Payments on COTS (CPoC) Standards. MPoC will be a flexible mobile standard and program that will support a wide range of payment acceptance channels, different verification methods, and flexibility for payment solution development. Read more here: The Future of PCI SSC Mobile Standards
- Education on Software Standards
The Software Security Framework (SSF) is a collection of standards and programs for the secure design and development of payment software. This Framework provides objective-focused security to support more nimble development and update cycles for traditional and modern payment software. Discussion focused on information to assist stakeholders in their migration from PA-DSS to the Software Security Framework. Read more here: Conceptual Differences Between SSF and PA-DSS
- Upcoming Request for Comments
The Council’s Request for Comments (RFC) process is an avenue for PCI SSC stakeholders to provide feedback on existing and new PCI Security Standards and Programs. Upcoming and current RFC opportunities include:
- PCI PTS POI v6.1 Draft Standard RFC (5 October – 3 November 2021)
- PCI 3DS SDK Security Standard v1.1 (18 October – 17 November 2021)
- PCI 3DS Core Security Standard v1.0 (18 October – 17 November 2021)
For more information visit the RFC page: Request for Comments.
- Brazil Regional Engagement Board
Regional Engagement Boards bring together leaders in key global markets to serve as advisors to the PCI SSC on payment data security issues. Beginning 1 November, PCI SSC will be accepting nominations for the 2022-2023 Brazil Regional Engagement Board. Learn more here: Brazil Regional Engagement Board
Visit the PCI SSC website for more information on all of the PCI Council’s efforts and activities including how your organization can attend the next PCI SSC forum and join the global cross-industry effort to increase payment security.
About the PCI Security Standards Council
The PCI Security Standards Council (PCI SSC) leads a global, cross-industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent cyberattacks and breaches. Connect with the PCI SSC on LinkedIn. Join the conversation on Twitter @PCISSC. Subscribe to the PCI Perspectives Blog.