Payment Card Industry Focuses On The Future Of Payment Security

October 26, 2017. By: Payment Week

BARCELONA, Spain, 26 October 2017 – More than 600 payment card industry stakeholders from around the world convened this week for the Payment Card Industry Security Standards Council (PCI SSC) Europe Community Meeting, an annual forum to discuss ongoing developments in global payment data security standards that help businesses detect, mitigate and prevent criminal attacks and breaches.

A key priority for the PCI SSC and its stakeholders is leveraging advancements in technology and payments to evolve data security standards, while also helping the industry to combat threats and address areas where businesses are most vulnerable to payment data breaches. Updates discussed at the meeting include:

  • PCI 3DS Security Standards: This week the PCI SSC announced two new security standards to support secure implementation of EMVCo’s EMV® 3-D Secure (3DS) protocol. EMV® 3DS helps prevent unauthorized card-not-present (CNP) transactions. Together the work of EMVCo and PCI SSC ensures an agile and workable structure is established for both functional testing and security evaluation of EMV® 3DS solutions.
  • PCI Software-Based PIN Entry on COTS Standard: The PCI SSC is developing a security standard for software-based PIN entry on commercial off-the-shelf (COTS) devices, such as consumer-grade mobile phones or tablets. The standard will help mobile solution providers to develop products that enable merchants to securely accept PIN-based payments with the PIN entered on a COTS device. As part of the standard development process, this week the PCI SSC opened a 30-day request for comments (RFC) period for PCI SSC stakeholders to review and provide feedback on the draft standard.
  • PCI Software Security Framework: The PCI SSC is developing a software security framework consisting of two new standards and supporting programs to address secure design and development of modern payment software. The draft standards will be shared with PCI SSC stakeholders for feedback later this year.
  • Payment security resources for merchants: This week, the PCI SSC launched a new microsite with resources for educating merchants on payment data security essentials.


“The meeting in Barcelona this week brought together some of the best payment data security minds in Europe for a robust discussion on the future of payments. We leave the Community Meeting united in our efforts to improve data security through people, process and technology,” said PCI SSC International Director Jeremy King.

“We are in an exciting period of time at the PCI Security Standards Council,” added PCI SSC Chief Technology Officer Troy Leach. “Technology is advancing quickly to accept payments in new ways. We’ve also seen innovation in how we secure data and demonstrate that security. That is evident in all the new standards and approaches we discussed here at the Community Meeting this week. There has been great engagement from everyone on how we can collaborate together as an industry to address the next generation of payment security.”

PCI SSC Chief Operating Officer Mauro Lance highlighted the importance of cybersecurity training and education for the payment card industry: “A well-trained workforce is one of the best defenses against cyberattacks,” said Lance. “So many attacks we see in the news are preventable with the right training and skills. We are committed to continue evolving PCI SSC training programs based on feedback to support the industry in securing payment data.”

About the PCI Security Standards Council

The PCI Security Standards Council is a global forum that is responsible for the development, management, education, and awareness of the PCI Security Standards to increase payment data security.