PCI Perspectives

  We are pleased to welcome the newest organizations that have joined as Associate Participating Organizations of the PCI Security Standards Council (PCI SSC). These organizations play a crucial role in supporting the evolution of the PCI security standards and programs and promoting the implementation of PCI security standards worldwide to protect payment data. We look forward to their involvement with the Council as we help secure the future of payments.  

Welcome to the PCI Security Standards Council’s blog series, The AI Exchange: Innovators in Payment Security. This special, ongoing feature of our PCI Perspectives blog offers a resource for payment security industry stakeholders to exchange information about how they are adopting and implementing artificial intelligence (AI) into their organizations. 

The PCI Security Standards Council (PCI SSC) has released a new information supplement, PCI DSS v4.x: Guidance for Compensating Controls and the Customized Approach. The document provides practical guidance to help assessed entities and assessors navigate two options in PCI DSS v4.x that provide flexibility but are often misunderstood – the use of compensating controls and the customized approach. PCI SSC developed this guidance in collaboration with industry stakeholders, including the Global Executive Assessor Roundtable (GEAR) and the Board of Advisors (BOA). 

  Welcome Dreamplug Technologies Private Limited, operating under the brand name CRED, a new Principal Participating Organization (PPO) at the PCI Security Standards Council! In this special spotlight edition of our PCI Perspectives Blog, CRED CISO, Himanshu Kumar Das, introduces us to his company and how they are helping to shape the future of payment security.  

  From 3 June to 20 July, eligible PCI SSC stakeholders are invited to review and provide feedback on the currently published PCI Data Security Standard (PCI DSS) v4.0.1 during a six-week request for comments (RFC) period.    

Welcome to the PCI Security Standards Council’s blog series, The AI Exchange: Innovators in Payment Security. This special, ongoing feature of our PCI Perspectives blog offers a resource for payment security industry stakeholders to exchange information about how they are adopting and implementing artificial intelligence (AI) into their organizations.

  Welcome to our podcast series, Coffee with the Council. I’m Alicia Malone, Director of Communications and Public Relations for the PCI Security Standards Council. In today’s episode, I’m excited to announce that the Council will open the nomination period for the next Global Executive Assessor Roundtable on June 1st. This roundtable, or GEAR as it’s known, represents the perspectives of the PCI assessor community. Joining me to discuss what all of this means and how you can participate is the Council’s own Chelsea Lopez, Client Engagement Operations Director. Welcome, Chelsea!

The PCI Security Standards Council (PCI SSC) has published a major revision to the PCI PIN Transaction Security (PTS) Hardware Security Module (HSM) Modular Security Requirements from version 4.0 to version 5.0. This update represents a significant evolution in HSM security, addressing modern cryptographic practices, cloud and multi-tenant deployments, and emerging threats such as post-quantum risks.  

  From 15 May to 15 June, eligible PCI SSC stakeholders are invited to review and provide feedback on the draft PCI Secure Software Lifecycle Standard v2.0 during a 30-day request for comments (RFC) period.   

  Welcome Worldline, a new Principal Participating Organization (PPO) at the PCI Security Standards Council! In this special spotlight edition of our PCI Perspectives Blog, Worldline Head of PCI Program, Isil Ugurlu, introduces us to her company and how they are helping to shape the future of payment security.