Recent Posts

Protecting Payments While Working Remotely

PCI SSC is dedicated to providing necessary guidance to the payments industry during evolving circumstances related to COVID-19. The current climate is forcing more global organizations to a remote-work model. As organizations make this shift, it is important to maintain security practices to protect payment card data. The following are excerpts related to remote work best practices taken from the PCI SSC Information Supplement “Protecting Telephone-Based Payment Card Data”.

Read More

3 Things to Know About P2PE v3.0

The PCI P2PE Standard provides a comprehensive set of security requirements for validation of P2PE solutions, applications and components to protect payment card data. Expected in December of 2019, the P2PE v3.0 Standard and Program have been streamlined to facilitate a greater degree of flexibility for industry stakeholders as well as to improve the assessment process. 

Read More

PCI Standards in 2019: Q&A with CTO Troy Leach

What do stakeholders need to know about PCI Security Standards in 2019? PCI SSC Chief Technology Officer Troy Leach provides an update on what to expect for changes to existing standards and a look at those in development this year.  

Read More

What’s Next for the PCI P2PE Standard?

What happens next with the PCI Point-to-Point Encryption (P2PE) Standard? PCI SSC Chief Technology Officer Troy Leach provides an update.

Read More

New PCI Software-Based PIN Entry on COTS Standard

The PCI SSC has announced a new PCI Security Standard for software-based PIN entry on commercial off-the-shelf devices (COTS), such as smartphones and tablets. The PCI Software-Based PIN Entry (SPoC) Standard provides a software-based approach for protecting PIN entry on the wide variety of COTS devices in the market today. The security requirements are for solution providers to use in developing secure solutions that enable EMV contact and contactless transactions with PIN entry on the merchant’s consumer device using a secure PIN entry application in combination with a Secure Card Reader for PIN (SCRP). Here we talk with PCI SSC Chief Technology Officer Troy Leach about the new standard, what makes it different than other PCI PIN Standards, and how it’s designed to secure payment data.

Read More