PCI Security Standards Council - News, Features, and Slideshows


  • PCI Council looks for ways to stem data breaches after bad year

    A consortium that develops guidelines for protecting payment card data is hoping that emerging security technologies will help prevent breaches that made this year one of the worst ever on the security front.

    Written by Jeremy Kirk18 Nov. 14 13:24
  • Shellshock flaw could pose risks to payments industry

    The "Shellshock" flaw has the potential to pose a risk to the payments industry, but doesn't appear to have caused any problems yet, an official with a consortium run by major credit card companies warned on Tuesday.

    Written by Jeremy Kirk01 Oct. 14 10:30
  • Security council blames breaches on poor PCI standard support

    The growing number of data breaches resulting in massive numbers of payment cards being stolen from retail stores and other businesses is occurring because they're failing to keep up with the Payment Card Industry's data security standard, according to the PCI Security Standards Council.

    Written by Ellen Messmer28 Aug. 14 22:54
  • Windows XP can put SOX, HIPAA, credit card security-compliance at risk

    When Microsoft stops supporting Windows XP next month businesses that have to comply with payment card industry (PCI) data security standards as well as health care and financial standards may find themselves out of compliance unless they call in some creative fixes, experts say.

    Written by Tim Greene17 March 14 14:03
  • Payment card industry gets updated security standard with new requirements

    The PCI Security Standards Council released version 3.0 of the PCI Data Security Standard (PCI DSS) and corresponding Payment Application Data Security Standard (PA-DSS), adding new security requirements and guidance for payment-card industry organizations, including merchants, payment processors, financial institutions and service providers.

    Written by Lucian Constantin08 Nov. 13 18:30
  • Security standards council cuts through PCI cloud confusion

    Can you hold Payment Card Information (PCI) data in a cloud-based service? Yes, but doing so isn't straightforward, so the PCI Security Standards Council has published a guideline that clarifies what approaches compliance-minded businesses can take.

    Written by Ellen Messmer07 Feb. 13 17:01
  • PCI point-to-point encryption guidelines raise new questions

    The PCI Security Standards Council today is expected to issue guidelines on use of point-to-point encryption in protecting sensitive payment card data, but the narrow approach — which is focused on hardware — is raising questions.

    Written by Ellen Messmer16 Sept. 11 00:45
  • PCI security group speaks out on encryption

    The organization in charge of defining security for the payment-card industry's merchants and service providers Tuesday issued two guidance papers, the first on end-to-end encryption and the second on payment card technology used more commonly in Europe than the United States.

    Written by Ellen Messmer06 Oct. 10 07:06