The Payment Card Industry (PCI) Security Standards Council must take the lead in developing a collaborative approach with merchants in defining more open standards for future PCI Data Security Standard (DSS) requirements, stressed NACS (the National Association of Convenience Stores) and several other trade associations in a June 8 letter to the Council. READ MORE

Hypercom, Ingenico, and VeriFone have announced the formation of the Secure POS Vendor Alliance - SPVA, a non-profit business organization chartered with implementing common payment security standards among vendors of secure point-of-sale (POS) devices used by retailers, acquirers and cardholders alike. READ MORE

The US House of Representatives Subcommittee on Emerging Threats, Cybersecurity and Science and Technology is holding a hearing today on the subject: "Do the Payment Card Industry Data Standards Reduce Cybercrime?". Witnesses include representatives from the US Department of Justice, the Payment Card Industry Data Security Standards Council, Visa Inc., Michaels Stores, and the National Retail Federation. A webcast is available.

Heartland Payment Systems has announced that "it has formed an internal department dedicated exclusively to the development of end-to-end encryption to protect merchant and consumer data used in financial transactions. For the past year, Robert O. Carr, Heartland's chairman and chief executive officer, has been advocating for payments industry adoption of this technology - which will protect data at rest as well as data in motion - as an improvement for payment transaction security." READ MORE

With all of the news this week surrounding the payment card data breach at Heartland Payments Systems, we've added a new section to the Payments News Bookstore with several new books covering the topic of PCI-DSS (Payment Card Industry-Data Security Standard) compliance. If you're aware of any we've missed, please send us Feedback and we'll add them to the bookstore.

In addition to these books about the subject, the PCI Security Standards Council website is a great starting point for learning more about PCI-DSS.

The PCI Security Standards Council (PCI SSC) has announced that it has launched a quality assurance program for Qualified Security Assessors (QSAs) and Approved Scanning Vendors (ASVs). According to the PCI SSC, "the new program was designed to provide QSAs and ASVs with a set of requirements that helps ensure they provide consistent, quality validation and assessment services to merchants and service providers." READ MORE

The PCI Security Standards Council, the standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PIN Entry Device (PED) Security Requirements and the Payment Application Data Security Standard (PA-DSS), has announced it will be offering a complimentary webinar, "Understanding PCI DSS Version 1.2,” to be held on Tuesday Nov. 25, 2008 at 11:30 a.m. EST and at 7:30 p.m. EST. The session will be repeated on Wednesday Dec. 17, 2008 at 10:30 a.m. EST and 8:30 p.m. EST. READ MORE

The PCI Security Standards Council (PCI SSC) has announced the general availability of version 1.2 of the Payment Card Industry Data Security Standard (PCI DSS). According to the Council, "this latest version is the culmination of two years of feedback and suggestions from its industry stakeholders and is designed to clarify and ease implementation of the foremost standard for cardholder account security. Version 1.2 is effective immediately and version 1.1 of the standard will sunset on Dec. 31, 2008. The updated standard and supporting documentation is available on the Council’s Web site at https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml." READ MORE

The PCI Security Standards Council (PCI SSC) has announced the availability of a summary of forthcoming changes to PCI DSS as it moves from version 1.1 to the previously announced version 1.2 in October. READ MORE

The PCI Security Standards Council has announced the timeline for the release of PCI DSS version 1.2, scheduled for availability in October 2008. According to the Council, the new version of PCI DSS will 'enhance the clarity of its technical requirements, offer improved flexibility and address new and evolving risks and threats.' READ MORE

The PCI Security Standards Council has announced a complimentary educational webinar, “Understanding the Payment Application Data Security Standard” on Thursday May 22, 2008 at 11:30 a.m. EDT with a second session scheduled the same day at 7:30 p.m. EDT. READ MORE

The PCI Security Standards Council, a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (DSS), PCI PIN Entry Device (PED) Security Requirements and the Payment Application Data Security Standard (PA-DSS), has announced the release of version 1.1 of the Payment Application Data Security Standard (PA-DSS). READ MORE

Taking on an expanded role, the PCI Security Standards Council has announced that it has also assumed responsibility for the PIN Entry Device (PED) Security Requirements that were previously administered under the auspices of JCB, MasterCard International and Visa International.

Avivah Litan from Gartner is out with a new note titled "New PCI Security Standards Council Needs More Power". From the abstract: "The Payment Card Industry Security Standards Council's newly elected Board of Advisors will help to improve stakeholder communication. But the advisors need voting power and expanded authority to resolve problems."

The PCI Security Standards Council (PCI SSC), an independent industry standards body providing management of the Payment Card Industry Data Security Standard (DSS) on a global basis, has announced the results of elections for the PCI SSC Board of Advisors. The Board of Advisors will represent the current roster of nearly 200 PCI SSC Participating Organizations and provide feedback to the ongoing enhancement of security standards managed by the Council.

The PCI Security Standards Council (PCI SSC), an independent industry standards body providing management of the Payment Card Industry Data Security Standard (DSS) on a global basis, has announced that it has implemented formal channels for stakeholders to contribute to the organization and development of data security standards.

The PCI Security Standards Council has announced that nominations for election to the PCI
Security Standards Council (PCI SSC) Board of Advisors are now open. According to the Council, "the Board of Advisors will represent the current roster of more than 100 PCI SSC Participating Organizations, and will provide strategic and technical guidance to the PCI Security Standards Council, reflecting the varied perspectives of different global stakeholders."

American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International have announced the formation of an independent council - the PCI Security Standards Council - designed to manage the ongoing evolution of the Payment Card Industry (PCI) Data Security Standard.