PCI Security Standards Council Community Meeting Attendees Help Guide Future of Payment Card Security

The PCI Security Standards Council (PCI SSC), a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PIN Entry Device (PED) Security Requirements and the Payment Application Data Security Standard (PA-DSS), today announced that more than 550 attendees from over 325 organizations met at the Council ‘ s second annual Community Meeting, in Orlando, Florida, to provide input and analysis of the newly released 1.2 version of the PCI DSS and other payment card security standards. This represents a 71 percent increase in attendance from 2007. The highly anticipated event, held from Sept. 23-25, welcomed the Council ‘ s participating organizations and assessment community contributors.

The Council also is pleased to announce that in addition to its rapidly growing assessment community members, there are more than 500 participating organizations from around the world that actively contribute to the standards setting process, up from approximately 240 in 2007. Participating organizations provide the backbone of feedback and support for the PCI security standards and cross a wide spectrum of industries and locations. Participating organizations are the only group in the Council that receive early versions of draft standards and documentation, provide feedback and direction on the PCI standards, and receive regular communications and opportunities to work with the Council on cardholder data security. The list of current participating organizations can be found at https://www.pcisecuritystandards.org/participation/member _ list.html .

Topics discussed at the Orlando meeting included the release of the PCI DSS version 1.2, updates to the PA-DSS and PED Security Requirements, special interest group reports on wireless and payment card pre-authorization security, the introduction of a quality assurance program for the QSA community along with keynote addresses from the Department of Justice and Forrester Research. These interactive sessions gave participants key information as they continue with their PCI standards implementation.

Because of the dramatic increase in participation in the Council, this year ‘ s community meeting in Orlando will be followed up with a second community meeting in Brussels, Belgium, October 21-23, 2008. This second meeting will enable participating organizations and the PCI assessment community to engage with the Council at an additional venue. More than 120 delegates have already registered for this additional meeting.

In addition to the more than 500 participating organizations, the Council has 147 approved scanning vendor (ASV) companies and 164 qualified security assessor (QSA) companies that help ensure continued compliance with the PCI DSS. The Council also approves payment application QSAs (PA QSAs) as part of the PA-DSS program. Together, the assessment community and participating organizations, at the community meeting and throughout the year help define and evolve the security standards to protect payment cardholder account data.

“ As we meet at our community meetings it is especially important that the Council reflects the broadest spectrum of payments system players, ” said Bob Russo, general manager, PCI Security Standards Council. “ The tremendous and rapid growth of our participating organization program and assessment ecosystem, as well as the increased attendance at our community meetings, is a testament to the payment industry ‘ s commitment to protecting cardholder data while ensuring that the standards we manage truly reflect global industry desires and needs. ”

For More Information :

More information on the PCI Security Standards Council and becoming a participating organization please visit pcisecuritystandards.org, or contact the PCI Security Standards Council at participation@pcisecuritystandards.org .

About the PCI Security Standards Council

The mission of the PCI Security Standards Council is to enhance payment account security by driving education and awareness of the PCI Data Security Standard and other standards that increase payment data security.

The PCI Security Standards Council was formed by the major payment card brands American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. to provide a transparent forum in which all stakeholders can provide input into the ongoing development, enhancement and dissemination of the PCI Data Security Standard (DSS), PIN Entry Device (PED) Security Requirements and the Payment Application Data Security Standard (PA-DSS). Merchants, banks, processors and other vendors are encouraged to join as Participating Organizations.