Press Release

PCI Security Standards Council Invites Industry Collaboration on PCI Data Security Standard Version 4.0

Evolution of PCI Standards Key Theme at PCI Europe Community Meeting in Dublin

DUBLIN, 24 October 2019 — Members of the global payments industry convened in Dublin this week at the PCI Europe Community Meeting, an annual PCI Security Standards Council (PCI SSC) forum for knowledge sharing and collaboration on payment security standards and solutions. Evolving PCI Security Standards to support changes in payments, technology and security was a driving theme at the meeting, with the Council inviting stakeholders to review and provide feedback on a working draft of the next version of the PCI Data Security Standard (PCI DSS v4.0) in a request for comments (RFC) period scheduled to start at the end of October.

“In order to deliver on our mission to enhance global payment security we must continue to evolve PCI Standards to ensure they meet the needs of the industry and support and enable safe commerce,” said PCI SSC Executive Director Lance Johnson in his keynote address.

“Global industry participation is critical to developing the next generation of security standards and evolving them to support a quickly changing world of payments,” added PCI SSC Chief Technology Officer Troy Leach. “This is where the request for comments process plays such an important part. With PCI DSS v4.0 we are excited for the first time to share an early draft so that stakeholders can actively collaborate on the standard and help us ensure it continues to provide the critical foundation for securing payment data in a rapidly evolving ecosystem.”

Read PCI Perspectives Blog post How the Council is Evolving to Secure Payments for additional insights from Leach.

The PCI DSS v4.0 RFC is scheduled to begin on 28 October and is open to PCI SSC Participation Organizations (POs), Qualified Security Assessors (QSAs) and Approved Scanning Vendors (ASVs).

For more information about PCI DSS v4.0 and the upcoming RFC, read PCI Perspectives Blog post 5 Questions About PCI DSS v4.0.

“Regional involvement and perspectives help ensure that PCI Standards are truly global. The PCI DSS v4.0 RFC is an excellent opportunity for European stakeholders to contribute their feedback to the development of this critical standard for safeguarding payment data around the world,” said PCI SSC International Director for Europe, Jeremy King.

Additional PCI SSC initiatives highlighted at the meeting included the newly available PCI Software Security Framework (SSF), and a new contactless standard for solutions that enable “tap and go” transactions on merchant smartphones and other commercial-off-the shelf (COTS) mobile devices, which the Council expects to publish in December.

For more highlights from the PCI Europe Community Meeting, visit the PCI Perspectives Blog.

About the PCI Security Standards Council
The PCI Security Standards Council (PCI SSC) leads a global, cross-industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent cyberattacks and breaches. Connect with the PCI SSC on LinkedIn. Join the conversation on Twitter @PCISSC. Subscribe to the PCI Perspectives Blog.