Recently, the council that controls the data security standard for the payment card industry (PCI DSS) published an approved list of point-to-point encryption (P2PE) systems. With point-to-point encryption technology, organizations are able to reduce the scope of their cardholder data environment, as well as annual PCI DSS assessments.
When organizations implement point-to-point technology, it’s important to focus on building, testing, and deploying solutions that provide high levels of support for PCI DSS compliance. PCI DSS compliance is absolutely necessary for any organization handling customer payment card data. These organizations must pay attention to how that information is held and protected.
During the Payment Card Industry Security Standards Council’s annual European community meeting, the list of approved P2PE systems was revealed. With the approved P2PE systems, organizations can simplify their security measures by removing clear-text cardholder data.
Throughout the meeting, 500 global stakeholders were able to provide feedback on the upcoming version 3.0 of the PCI DSS, which will be published on November 7th, 2013. The council also discussed technology initiatives regarding security of mobile payment acceptance.
Those who attended the meeting were given the change to interact with peers, discussing the challenges and lessons learned during presentations. Many attendees also proposed suggestions for PCI Special Interest Group (SIG) projects in the upcoming year.
PCI organizations have the chance to vote for the SIG projects they’d like to see the community pursue in 2014. The voting takes place from November 4th to 15th. The PCI SSC is working towards developing adequate payment security standards that address common challenges today.
In addition, the PCI SSC is continually developing business practices for organizations to embrace new technologies while protecting against evolving threats.