Multi-Day Virtual Event Also Featured Guidance from the Council and Payment Security Experts on Challenges Faced in 2020
WAKEFIELD, Mass., 9 October 2020 — More than 1,800 stakeholders attended the North America Community Meeting, which provides a forum for leaders in the payment security industry to share knowledge, collaborate and promote understanding and adoption of PCI Security Standards and Programs. The multi-day virtual event, moderated by BBC America Anchor Katty Kay, featured insights into the development of the PCI Data Security Standard (PCI DSS) v4.0 and addressed payment security challenges stemming from the COVID-19 pandemic and the growing importance of software security. Experts included keynote speakers Dr. Jessica Barker and F.C., co-founders of Cygenta, who spoke about the increasing cyber threats during the COVID-19 pandemic.
“2020 has been a year of global challenges that have impacted every stakeholder in the payment security landscape. The Council listened to the industry and has provided guidance and adapted programs to help the industry address those challenges,” says Executive Director Lance J. Johnson. “While many of the challenges we experienced have been new and different, the Council’s mission remains the same – to support the needs of the global payments industry and enhance global payment account data security.”
The event featured a four-part series dedicated to sharing insights about how industry feedback has helped shape the current draft PCI DSS v4.0. The flagship payment data security standard is currently open for stakeholders to provide feedback during a request for comments period. Emma Sutcliffe, SVP, Standards Officer notes: “Stakeholder feedback plays an integral role to ensure that the PCI DSS continues to meet the needs of the global payment card industry. The standard is being updated to address this feedback and to support a range of environments and technologies. The draft also includes a new customized approach that will provide organizations more flexibility for meeting the security objectives of PCI DSS requirements.” For more information read PCI Perspectives Blog: Request for Comments: PCI DSS Version 4.0 Draft Standard
Other key topics discussed at the meeting included:
- PCI SSC Response to COVID-19 Challenges
PCI SSC collaborated with industry leaders and listened to stakeholder feedback related to the impacts of the pandemic on the global payments industry. In turn, the Council took action by providing supporting resources on such topics as how to perform remote assessments, extending expiry dates and deadlines, and moving all in-person training to an online format. Resources can be found on the PCI Perspectives Blog and on the newly created hub of resources the Council set up to keep the industry informed of these updates. View the PCI SSC COVID-19 Resource Page.
- PCI Software Security Framework
When the Payment Application Data Security Standard (PA-DSS) program ends on 28 October 2022, it will be replaced by the Software Security Framework. This framework standardizes and consolidates software security principles and practices for payment software and software development entities under a single requirements architecture with supporting validation and listing programs. The Council discussed the growing importance of software security and how the two programs compare, shared key timelines, and offered suggestions on how organizations can prepare for the transition.
- Upcoming Request for Comments
In addition to the PCI DSS v4.0 Request for Comment (RFC), which is currently open, the Council has two additional RFCs planned for the November/December 2020 timeframe: Card Production v3 Draft Standard and PTS HSM v4 Draft Standard. For more information visit the RFC page: Request for Comments.
- Updates to Standards
To help address the accelerating changes to payment security, the Council published updates to the PCI PIN Transaction Security (PTS) Point-of-Interaction (POI) Modular Security Requirements v6.0 and the PCI Software-based PIN Entry on COTS (SPoC) Standard. Before the end of the year, the Council will publish version 3.1 of the PIN Standard, which is being updated based on feedback provided by the industry via an RFC period earlier this year.
- Board of Advisors Nomination Period
The 2021-2022 Board of Advisors nomination period runs until 26 October 2020, followed by the election period from 9-20 November 2020. The Board of Advisors represents PCI Security Standards Council (PCI SSC) Participating Organizations worldwide to ensure global industry involvement in the development of PCI Security Standards. For more information visit the PCI Perspectives Blog: Make a Difference: Serve on the 2021-2022 PCI SSC Board of Advisors
Visit the PCI SSC website for more information on all of the PCI Council’s efforts and activities including how your organization can attend the next PCI SSC Community Meeting and join the global cross-industry effort to increase payment security.
Save the date for the next two virtual PCI SSC Community Meetings:
- Europe Community Meeting: 20 – 23 October
- Asia-Pacific Community Meeting: 4 – 6 November
About the PCI Security Standards Council
The PCI Security Standards Council (PCI SSC) leads a global, cross-industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent cyberattacks and breaches. Connect with the PCI SSC on LinkedIn. Join the conversation on Twitter @PCISSC. Subscribe to the PCI Perspectives Blog.