Page 1 - GS180302
P. 1
March 26 2018 • Issue 18:03:02
PCI SSC raises bar on data security
more proactive ongoing security within code, more use
of things like machine learning and artificial intelligence,
and similar types of dynamic security as well."
To usher in next-generation payment security, Lance J.
Johnson was appointed Executive Director of the PCI SSC
effective January 2018. A payment security veteran, he
brings to the role over 20 years' senior leadership expe-
rience. He guided global risk management, data security,
fraud detection and control efforts at Visa; most recently,
he was Chief Operating Officer at Sequent Software Inc.
The PCI SSC has several projects underway designed to
make payment data security compliance more accessible
to merchants and service providers, as well as offer great-
er flexibility to software developers and system installers.
By Ann Train This article delves into top items on the council's 2018 pay-
ment security agenda and strategies advancing data pro-
hen the PCI Security Standards Council was tection.
formed in 2006, the new payment standards
body assumed responsibility for advanc- PCI DSS, TLS update
W ing the Payment Card Industry (PCI) Data
Security Standard (DSS) and PIN Transaction Security On Feb. 1, 2018, PCI DSS version 3.2 went into effect. Ini-
Standard, which had been promulgated and managed tially released in April 2016, the update addresses several
by founding members American Express Co., Discover known exploits to data security and compliance, and in-
Financial Services, JCB International Credit Card Co. Ltd., troduces new sub-requirements for service providers, in-
Mastercard and Visa Inc. cluding semi-annual segmentation checks and ongoing
documentation of cryptographic architecture.
At that time, version 1.0 of the PCI DSS had been in place
since 2004. It came about just as online commerce was In the latest version, multifactor authentication became a
gaining traction and attracting more sophisticated forms requirement for all non-console administrative access to
of fraud. Today, the PCI SSC oversees 12 standards, in ad-
dition to assessor programs, certified solutions and online
resources driven by global Participating Organization
and Affiliate members and founders at the committee and Contributed articles inside by:
board levels, as well as various working groups, task forc-
es and special interest groups. Brandes Elitch ........................................................................................23
Steven Feldshuh ...................................................................................40
"We've really gone through a renaissance in payments Adam T. Hark ..........................................................................................44
over the last 10 years," said PCI SSC Chief Technology Dinesh Saparamadu ............................................................................47
Officer Troy Leach. "We're looking at not only what has
been introduced for payment innovation, but also secu-
rity innovation. There are new ways that you can include TOC on page 3
Continued on page 34
