Security News

The PCI Security Standards Council published a new standard designed to support the evolution of mobile payment acceptance solutions. PCI Mobile Payments on COTS builds on the existing PCI Software-based PIN Entry on COTS and PCI Contactless Payments on COTS Standards, which individually address security requirements for solutions that enable merchants to accept cardholder PINs or contactless payments using a smartphone or other commercial off-the-shelf mobile device.

The PCI Security Standards Council and the National Cybersecurity Alliance issued a joint bulletin on the increasing threat of ransomware attacks. The high-profile ransomware attacks in 2021 have been part of a larger global increase in ransomware crime.

The updated standard helps payment card vendors secure the components and sensitive data involved in the production of payment cards, protecting against fraud via the compromise of card materials. PCI Card Production and Provisioning Security Requirements version 3.0 ensure the strongest protections for customer payment information during card production and provisioning.

The PCI SSC published the latest version of its device security standard for Hardware Security Modules. The PCI PIN Transaction Security Hardware Security Module Modular Security Requirements Version 4.0 ensures that HSM devices provide the strongest protection for critical data elements used in card verification, PIN processing, chip transaction processing, payment card personalization, secure cryptographic key loading, remote HSM administration and other payment authentication activities.

Version 1.1 of the PCI Secure Software Standard introduces the Terminal Software Module, a new security requirements module for payment software intended for deployment and operation on PCI-approved PIN Transaction Security Point-of-Interaction devices. "The PCI Secure Software Standard is designed to offer a more flexible approach to how we test the security and integrity of payment software," said Emma Sutcliffe, SVP Standards Officer, PCI Security Standards Council.

The PCI Security Standards Council has published version 1.1 of the PCI Secure Software Lifecycle Standard and its supporting program documentation. The PCI Secure SLC Standard is one of two standards that are part of the PCI Software Security Framework.

The PCI Security Standards Council has updated the standard for payment devices to enable stronger protections for cardholder data. The PCI PIN Transaction Security Point-of-Interaction Modular Security Requirements 6.0 enhances security controls to defend against physical tampering and the insertion of malware that can compromise card data during payment transactions.

In December, PCI SSC plans to publish a new standard for solutions that enable "tap and go" transactions on merchant smartphones and other commercial off-the shelf mobile devices. Troy Leach, the...

The PCI Security Standards Council (PCI SSC) launched a new assessor qualification program to support the PCI Software Security Framework (SSF), a collection of standards and programs for the...

The PCI Security Standards Council (PCI SSC) announced two new validation programs for use by payment software vendors to demonstrate that both their development practices and their payment...