As a sign of how broad is the use of ‘plastic’, the Payment Card Industry Security Standards Council (PCI SSC) new advisory board has people from banks, retailers such as Walmart, Amazon and Starbucks, and businesses that take credit card payments such as hotels and Walt Disney.
PCI SSC International Director – Europe, Jeremy King, said: “New payment methods are coming online at an ever-increasing rate, which his great for consumers, but creates new opportunities for cybercriminals. That is why international cooperation is so important. The PCI SSC is fortunate to have a fantastic new Board with members from every region of the world providing valuable intelligence and wisdom on evolving payments and security. Only by working together internationally can we stay a step ahead of the cyber criminals. We are fortunate to have such a talented group to serve on our Board of Advisors and provide us valuable guidance.”
The Council – which takes in merchants, vendors, payment processors, financial institutions, and trade associations – is running three meetings worldwide this year, in Vancouver in September; in Dublin in October and Melbourne, Australia in November.
The Council has published new requirements for the secure design and development of payment software. The PCI Secure Software Standard and the PCI Secure Lifecycle (Secure SLC) Standard are part of a new PCI Software Security Framework, which includes validation for software vendors and their products and a qualification for assessors. These are due to launch later in 2019.
PCI SSC Chief Technology Officer Troy Leach said: “Innovation in payments is moving at an incredible pace. Each advancement provides the industry the opportunity to develop applications more quickly and efficiently than before and to design software for new platforms for payment acceptance. The new PCI Secure Software Standard and PCI Secure SLC Standard support this evolution in payment software practices by providing a dynamic way for developers to demonstrate their software protects payment data for the next generation of applications.”
Background
The US-based Council’s founding members in 2006, American Express, Discover Financial Services, JCB International, MasterCard, and Visa Inc., have agreed to incorporate the PCI Data Security Standard (PCI DSS) as part of the technical requirements for each of their data security compliance. PCI DSS applies whether you transmit or take payment card data; and covers physical security of sites, IT assets and business processes for payment card processing; and storage of cardholder data only if absolutely necessary. Organisers stress that PCI DSS is a process, not a one-off; hence in 2018 PCI DSS reached version v3.2.1. Visit https://www.pcisecuritystandards.org.
