Payment Security Industry Leaders Collaborate to Help Protect Payment Data and Discuss Evolving Technologies
BARCELONA, 10 October 2024 — More than 600 in-person and online stakeholders from Europe and around the world convened this week in Barcelona for the Payment Card Industry Security Standards Council (PCI SSC) Europe Community Meeting. The multi-day event focused on updates in payment security standards and programs, and provided industry stakeholders with opportunities to learn, share, network, and discuss the current state of payment security.
A top priority for the PCI SSC at this year’s meeting was to provide insights and answer stakeholder questions regarding the March 2025 deadline to adopt the 51 future-dated requirements of PCI DSS v4.0. Additionally, the Council held presentations on its Software Security Framework Standards, enhancements made to its Point-to-Point Encryption (P2PE) Program, and the upcoming release of version 1.1 of its Mobile Payments on COTS (MPoC) Standard. The Council also continues to look for ways to foster collaboration among its global stakeholders. New this year, the Council offered optional workshops to enhance the Community Meeting experience. The workshops gave attendees the opportunity to take a deep dive into Assessment Evidence Collection Techniques and Approaches for Monitoring Third-Party Service Providers with subject matter experts.
“One of the most important aspects of the PCI standards and programs is that they are global. The meeting in Barcelona is critical to ensure that the Council’s standards remain relevant for European merchants and others involved in payment security,” said PCI SSC VP, EMEA, Jeremy King. “This year, at the Community Meetings, the Council announced its intent to consolidate and align its standards portfolio, to make it easier for people working within the purview of multiple standards to meet their obligations. As our standards evolve, it is more important than ever to have payment industry stakeholders from Europe and around the world at the table to lend their insights and expertise to this endeavor.”
“The Community Meetings are an essential part of enhancing collaboration with our stakeholders through face-to-face discussions and networking opportunities. It is so important that we are sharing information and learning from each other when it comes to how our standards address emerging technologies and an ever-changing threat landscape,” said PCI SSC Executive Director Gina Gobeyn. “This meeting in Barcelona underscored just how critical global industry collaboration is to our mission of securing payment data worldwide.”
Top of mind for many in the industry is the 31 March 2025 deadline to adopt the 51 future-dated requirements of PCI DSS v4.0. On-stage PCI DSS v4.0 presentations highlighted some of the many resources to help the industry with this transition:
PCI DSS v4.x Resources
- PCI DSS v4.0.1 Published: To address stakeholder feedback and questions received since PCI DSS v4.0 was published in March 2022, PCI SSC published a limited revision to the standard, PCI DSS v4.0.1, which includes corrections to formatting and typographical errors and clarifies the focus and intent of some of the requirements and guidance. There are no additional or deleted requirements in this revision.
- New ROC Template: PCI SSC released a new Report on Compliance template for v4.0.1 to align with the standard, to address minor errors, and to reformat the template. PCI SSC also addressed feedback from stakeholders regarding usability and performance.
- New Resource Guide: Vulnerability Scans and Approved Scanning Vendors: This new resource guide is intended for anyone with questions about ASV scans, with a focus on SAQ A merchants completing PCI DSS Requirement 11.3.2 for the first time. In this resource guide, PCI SSC shares key considerations, educational resources, and frequently asked questions to help better understand PCI DSS Requirement 11.3.2, which requires evidence of passing external scans, performed by an ASV, at least once every three months.
Visit the PCI SSC website for more information on all the PCI Council’s efforts and activities including how your organization can attend the next PCI SSC event and join the global cross-industry effort to increase payment security.
Register now to attend the next PCI SSC event:
- Asia-Pacific Community Meeting: 20-21 November in Hanoi, Vietnam
About the PCI Security Standards Council
The PCI Security Standards Council (PCI SSC) leads a global, cross-industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent cyberattacks and breaches. Connect with PCI SSC on LinkedIn. Join the conversation on Instagram and X (formerly Twitter) @PCISSC. Subscribe to the PCI Perspectives Blog. Listen to the Coffee with the Council podcast.
###