At Annual Event for Payments Industry Stakeholders in Asia-Pacific, PCI SSC Highlights Key Initiatives for Enhancing Global Payment Security, Including New Contactless Standard Coming in December 2019
MELBOURNE, Australia, 21 November 2019 — Contactless payment acceptance was a key discussion topic among payments industry stakeholders at this week’s PCI Security Standards Council (PCI SSC) Asia-Pacific Community Meeting in Australia, an annual forum for knowledge sharing and collaboration on payment security standards and solutions. PCI SSC updated attendees on a new contactless standard planned for release in December, as well as other initiatives for enhancing global payment security.
In his keynote address, PCI SSC Executive Director Lance Johnson outlined the strategic framework guiding the development of PCI SSC initiatives and emphasized the importance of industry collaboration.
“In order to deliver on our mission to enhance global payment security we are continuing to evolve PCI Standards and develop new standards, programs and related resources to help secure the acceptance and processing of new card-rooted payment channels, such as mobile. Continued involvement and participation from the global payments industry is critical to this effort,” he said.
PCI SSC Engagement Officer Troy Leach updated attendees on how the Council is evolving its standards to secure emerging payment channels, and specifically its plans for a new contactless standard.
“PCI SSC has supported contactless for several years within our standards for payment hardware. In December, the Council will publish a new standard for solutions that enable “tap and go” transactions on merchant smartphones and other COTS mobile devices. This Contactless Payments on COTS (CPoC™) Standard increases the diversity of payment acceptance that PCI SSC supports.” Read PCI Perspectives Blog post Evolving PCI Standards and Validation for additional insights from Leach.
Other PCI SSC initiatives highlighted at the meeting were the newly available PCI Software Security Framework (SSF), an update to PCI Point-to-Point Encryption (P2PE) Standard to be released in December and PCI Data Security Standard Version 4.0 (PCI DSSv4.0), which is currently in development. PCI SSC stakeholders in Asia-Pacific and around the world are invited to review and provide feedback on a working draft of PCI DSS v4.0 in a request for comments (RFC), which is open through 13 December.
PCI SSC Standards Officer Emma Sutcliffe provided key insights into goals for PCI DSS v4.0 and emphasized the importance of industry involvement in its development, saying “PCI SSC stakeholder feedback will directly contribute to the evolution of the standard, including consideration of proposed new requirements. We hope all interested parties will participate in the RFC.”
For information on how to participate in the RFC, read PCI Perspectives Blog post Request for Comments: PCI DSS Version 4.0.
To learn more about PCI SSC initiatives discussed at the meeting, visit the PCI Perspectives Blog.
About the PCI Security Standards Council
The PCI Security Standards Council (PCI SSC) leads a global, cross-industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent cyberattacks and breaches. Connect with the PCI SSC on LinkedIn. Join the conversation on Twitter @PCISSC. Subscribe to the PCI Perspectives Blog.