Retail Technology

Best practices for maintaining PCI DSS compliance and third party security assurance selected for security standard Special Interest Groups


 

The Payment Card Industry (PCI) community has voted to focus two new Special Interest Groups (SIGs) on PCI Data Security Standards (DSS) compliance best practice and third party security assurance next year.

 

The PCI Security Standards Council (PCI SSC) revealed results of its annual SIG elections, saying these two new groups will now draw on the expertise of more than 650 PCI SSC Participating Organisations and provide a vehicle for incorporating their ideas and input into the work of the Council.

 

Building on previous achievements

 

To date SIG participants have already contributed on topics such as risk assessment, wireless security, EMV chip, point-to-point encryption and virtualised environments.

 

“The community had to choose between seven excellent proposals from their peers, so it was certainly not an easy decision,” said Bob Russo, PCI SSC general manager.

 

“We were pleased that once again we had a strong number of Participating Organisations participate in the election to identify the areas that they most need guidance around when it comes to protecting their card data.”

 

The Council is now inviting any PCI SSC community members interested in participating in one of these SIG projects to indicate their interest by filling out the web form on the PCI SSC website by 15 December 2012.

 

Community urged to get involved


“With interesting topics like these that so many of our stakeholders have experience with, various perspectives from different industries and geographies will be invaluable. We strongly encourage anyone with expertise or interest in these areas to get involved,” added Jeremy King, PCI SSC European director.

 

Before the end of the year Council SIG leads will convene each group to formalise their charters and precise scope of work, with SIGs anticipated to start work in the beginning of 2013.

 

The election also brings in a new SIG structure for 2013 that is designed to allow for the Council's focus on updating and delivering the new version of the PCI DSS and the Payment Application Data Security Standard (PA-DSS) and to balance resources accordingly. Both groups will commence in January, but their deliverables will be staggered, with the third party security assurance guidance published in 2013 and best practices for maintaining PCI DSS compliance to follow in 2014.