Recent Posts

3 Things to Know About P2PE v3.0

The PCI P2PE Standard provides a comprehensive set of security requirements for validation of P2PE solutions, applications and components to protect payment card data. Expected in December of 2019, the P2PE v3.0 Standard and Program have been streamlined to facilitate a greater degree of flexibility for industry stakeholders as well as to improve the assessment process. 


PCI Standards in 2019: Q&A with CTO Troy Leach

What do stakeholders need to know about PCI Security Standards in 2019? PCI SSC Chief Technology Officer Troy Leach provides an update on what to expect for changes to existing standards and a look at those in development this year.  


What’s Next for the PCI P2PE Standard?

What happens next with the PCI Point-to-Point Encryption (P2PE) Standard? PCI SSC Chief Technology Officer Troy Leach provides an update.


New PCI Software-Based PIN Entry on COTS Standard

The PCI SSC has announced a new PCI Security Standard for software-based PIN entry on commercial off-the-shelf (COTS) devices, such as smartphones and tablets. The PCI Software-Based PIN Entry (SPoC) Standard provides a software-based approach for protecting PIN entry on the wide variety of COTS devices in the market today. The security requirements are for solution providers to use in developing secure solutions that enable EMV contact and contactless transactions with PIN entry on the merchant’s consumer device using a secure PIN entry application in combination with a Secure Card Reader for PIN (SCRP). Here we talk with PCI SSC Chief Technology Officer Troy Leach about the new standard, what makes it different from other PCI PIN Standards, and how it’s designed to secure payment data.


What do new PCI DSS SAQ changes mean?

This is a guest post from the PCI Security Standards Council. It was originally published on the PCI Perspectives Blog as an interview with PCI SSC Senior Director of Data Security Standards, Emma Sutcliffe.

Self-Assessment Questionnaires (SAQs) are forms used by eligible organizations to report the results of a PCI Data Security Standard (PCI DSS) self-assessment. Earlier this year, the PCI Security Standards Council (PCI SSC) issued revised SAQs for use with PCI DSS version 3.2. In this Q&A with PCI SSC Senior Director of Data Security Standards Emma Sutcliffe, we look at what merchants need to know about new updates to the SAQs.
