From 22 July to 20 August 2019, PCI SSC stakeholders can participate in a Request for Comments (RFC) on the draft PCI Contactless Payments on COTS (CPoC) Standard. RFC periods are avenues for PCI SSC stakeholders to provide feedback on existing and new PCI Security Standards.
Did you know that the Frequently Asked Questions (FAQ) resource on the PCI SSC website is updated regularly to address common questions the PCI SSC receives from stakeholders? This searchable tool includes a library of questions and answers on a variety of topics across PCI Security Standards and programs.
PCI SSC has announced the rollout of the Secure Software Lifecycle (Secure SLC) and Secure Software Programs. These new validation programs are intended for use by payment software vendors to demonstrate that both their development practices and their payment software products address overall software security resiliency to protect payment data.
The PIN Security Requirement 18-3 Key Blocks Information Supplement provides a series of FAQs to help PIN acquiring entities with implementation of key blocks in accordance with requirement 18-3 in the PCI PIN Security Requirements v3.0. It is supplemental to the PCI SSC Cryptographic Key Blocks Information Supplement.
Who will be eligible to conduct assessments under the PCI Software Security Framework? How will the assessor qualification process work? When will training be available?
PCI SSC is in the process of launching a new program to train and qualify security professionals to perform assessments using the Card Production Security Standards. Gill Woodcock, Senior Director of Certification Programs, provides an update on this effort and how it will improve the security of payments.