Payment card industry updates security

The council that administers the data security standard for the payment card industry (PCI DSS) has published a list of approved point-to-point encryption (P2PE) systems.

PCI DSS compliance is necessary for organisations that handle customer payment card data and specify how that information must be held and protected.

The list of approved P2PE systems was unveiled at the Payment Card Industry Security Standards Council (PCI SSC) Annual European Community Meeting in Nice, France.

The council views P3PE systems as a way for merchants to simplify their security programmes by removing clear-text cardholder data from the payment environment.

The meeting provided around 500 global stakeholders from 40 countries the last chance to give feedback on the coming version 3.0 of the PCI DSS to be published on 7 November.

The meeting also enabled the PCI DSS to update attendees on technology initiatives around mobile payment acceptance and tokenisation.

Attendees had the chance to interact with peers on challenges and lessons learned in case study presentations and hear proposals for suggested PCI Special Interest Group (SIG) projects in 2014.

From 4 to 15 November, PCI organisations will be able to vote for the SIG projects they would like the community to pursue in the year ahead.

“We are working to continue to develop global payment security standards that address today’s challenges and provide the framework for adapting our business practices to embrace emerging technologies and protect against changing threats,” said Jeremy King, European director, PCI SSC.