PCI Perspectives

  Welcome to our podcast series, Coffee with the Council. I’m Alicia Malone, Director of Communications and Public Relations for the PCI Security Standards Council. As many of our listeners are aware, we are quickly approaching the deadline to adopt the future-dated requirements of PCI DSS version 4.0.1 on March 31st, 2025. Over the course of the last year, the Council has received feedback that more guidance was needed to properly implement some of the e-commerce security requirements in the standard, particularly Requirements 6.4.3 and 11.6.1. As such, the Council has released several pieces of guidance this year, including updates to Self-Assessment Questionnaire A, an FAQ related to SAQ A eligibility criteria, and of course, the highly anticipated guidance developed by our E-commerce Guidance Task Force. Joining me today to walk through all this new guidance is Lauren Holloway, Director of Data Security Standards at PCI SSC. Welcome, Lauren.

  After nearly 15 years at PCI Security Standards Council (PCI SSC), Jeremy King, Regional VP, EMEA, retires this month. In this blog, we interviewed Jeremy about his career at the Council and in the payments industry, the most rewarding aspects of his career, and the most significant changes he has witnessed over time in securing payment data.

  The PCI Security Standards Council is calling on experts in the payments industry to apply to speak at the 2025 Asia-Pacific Community Meeting. The 2025 Asia-Pacific Community Meeting will take place in Bangkok, Thailand on 5-6 November. This is your chance to contribute to global discussions surrounding the protection of payment data.

  Artificial intelligence (AI) is transforming industries, and the PCI Security Standards Council (PCI SSC) has introduced new guidance to support the responsible use of AI in PCI assessments. The guidance provides a balance between leveraging the benefits of AI while maintaining the high standards of security that protect payment card data worldwide.

The opportunity for your voice to be heard is here. Now is your chance to help transform the future of payment security by electing representatives to the 2025-2027 PCI SSC Board of Advisors during the election period, 17-28 March 2025.

  Welcome U.S. Bank, a new Principal Participating Organization (PPO) at the PCI Security Standards Council! In this special spotlight edition of our PCI Perspectives Blog, U.S. Bank’s VP PCI Program Management, Richard Mann, introduces us to his company and how they are helping to shape the future of payment security.  

  The PCI Security Standards Council (PCI SSC) has introduced a new information supplement: “Payment Page Security and Preventing E-Skimming – Guidance for PCI DSS Requirements 6.4.3 and 11.6.1”. This document provides direction for merchants and service providers implementing controls to protect payment card data during e-commerce transactions.

  The PCI Security Standards Council is calling on experts in the payments industry to apply to speak at the 2025 North America and/or Europe Community Meetings. This is your chance to contribute to global discussions surrounding the protection of payment data.

  We are pleased to welcome the newest organizations that have joined as Associate Participating Organizations of the PCI Security Standards Council (PCI SSC). These organizations play a crucial role in supporting the evolution of the PCI security standards and programs and promoting the implementation of PCI security standards worldwide to protect payment data. We look forward to their involvement with the Council as we help secure the future of payments.  

The PCI Security Standards Council (PCI SSC) is pleased to announce the release of a Frequently Asked Question (FAQ), developed in direct response to industry requests for greater clarity on the new eligibility criteria for the recently revised Self-Assessment Questionnaire (SAQ) A. This update reflects our commitment to supporting the e-commerce community by providing clear, actionable guidance to help businesses meet new requirements under PCI DSS v4.0.1, which take effect on 1 April 2025.