PCI Security Standards Council®

Special Interest Groups

PCI SSC Special Interest Groups (SIGs) are community-driven initiatives that focus on payment security challenges related to PCI Security Standards.

The 2021 SIG proposal period has now closed. PCI SSC will review and consolidate proposals, and SIG candidates will provide presentations for Participating Organization review via the PO portal. The SIG election will open via the PO portal on Monday 9 November and run through to Monday 30 November 2020.

Special Interest Group (SIG) Proposals FAQ

Who can propose a SIG?

Participating Organization (PO) Qualified Security Assessor (QSA), Approved Scanning Vendor (ASV), Qualified Pin Assessor (QPA), Card Production Security Assessor or PCI Council Member* may propose a Special Interest Group during the proposal period.

* PCI Council Members is defined as PCI SSC Staff, Payment Brands, Affiliate Members or Strategic Members.

What are some of the areas that SIGs have covered in the past? What topics are appropriate for SIG projects?"

Special Interest Group (SIG) initiatives focus on specific payment security challenges that the PCI community wants guidance on addressing. Recent SIG topics include: Cloud Computing, Best Practices for Securing E-Commerce, Third-Party Security Assurance, Best Practices for Maintaining PCI DSS Compliance, Protecting Telephone-based Payment Card Data, and PCI DSS for Large Organizations.

SIG work may provide clarification on specific requirements within a PCI Security Standard, examine how PCI Security Standards work within a given industry or environment, or cover any other area that supports PCI SSC’s mission of raising awareness and increasing adoption of PCI Security Standards. Since the PCI SSC is focused on providing tools and resources to secure payment card data within the current payment system, and must also operate within a strict anti-trust framework, a focus outside of the current payment system is beyond our scope and would not be an appropriate topic for a PCI SSC SIG project.

Given that version 4.0 of the PCI Data Security Standard (PCI DSS v4.0) is currently in development, topics related to PCI DSS will not be considered for 2021 SIG projects.

Who will lead the SIGs?

A PCI SSC representative will chair, lead and project manage SIG work. This collaboration allows SIG volunteers to focus on contributing subject matter expertise and developing content, without responsibility for logistical matters. This structure also ensures continued alignment between SIG contributions and PCI SSC direction.

While PCI SSC provides support and facilitates the SIG process, it is the active participation and contributions by stakeholders that make a SIG successful. Participating in the SIG process, whether submitting a proposal, voting for a proposal, or serving as a lead contributor to a SIG deliverable, is one of the best ways PCI stakeholders can take part in our mission to increase payment data security globally.

How will SIGs be chosen?

SIGs will be chosen directly by the Participating Organization membership, which represents merchants, financial institutions, vendors, associations, and payment processors. This ensures that the stakeholders involved in implementing and supporting the PCI Security Standards can select which SIG projects would be most beneficial to their needs.

At the close of the submission period on 21 September 2020, the PCI SSC will review and consolidate proposals, and SIG candidates will provide presentations for Participating Organization review via the PO portal.

The SIG election will open via the PO portal on Monday 9 November and run through to Monday 30 November 2020. Participating Organizations will be able to select and prioritize at least two and a maximum of three SIG proposals. The results will be shared upon completion of the election process, and PCI SSC will work with the selected groups to create charters prior to the commencement of the new SIGs.

Current Active SIG

Thank you to Participating Organizations that took part in the Special Interest Group (SIG) project selection process. Participating Organizations chose Best Practices for Cloud Cryptographic Services as our 2020 SIG initiative!

Involvement in the SIG is a great way to provide your expertise to the PCI Council and help develop practical payment security resources for the industry.

Participants are expected to actively participate and contribute on scheduled calls, as well as provide expertise and share experience in cloud technologies and infrastructure, cryptography, key management, HSMs, cloud-based cryptographic services, and PCI SSC Standards.

If you are a Participating Organization, QSA (including PA-QSA, P2PE QSA, 3DS Assessor and PFI), CPSA, QPA, ASV or Affiliate Member and would like to join this SIG, please click the ‘Register’ button below and complete the interest form.


REGISTER HERE

Our website uses both essential and non-essential cookies (further described in our Privacy Policy) to analyze use of our products and services. By clicking “ACCEPT” below, you are agreeing to our use of non-essential cookies to provide third parties with information about your usage and activities. If you click “DECLINE” below, we will continue to use essential cookies for the operation of the website.