EC Cloud

Payment security, priorities and other activities of PCI SSC

Written by Holla Koala | Dec 24, 2021 6:45:04 AM

Keeping tabs on, improving, and promoting PCI security standards is the mission of the PCI Security Standards Council. EPC (European Payments Council) has had a working relationship with them for over a decade now. A PCI SSC Board of Advisors member, Gert Huizinga, spoke about the organization's ties to Europe in particular. This is a list of curated topics.


What is the purpose of the PCI SSC?
It is the goal of the PCI Security Standards Council (PCI SSC) to establish and promote safe payment standards around the world. Standards and services are defined to improve the security of payment account data around the world, with the goal of raising stakeholder awareness and encouraging their adoption of these new security measures. This is for the benefit of the global payments industry.
Six major credit card companies - including MasterCard and Discover - formed it in 2006 in the global marketplace. There are offices all over the world for PCI SSC.

Which members of the PCI SSC represent Europe?
Currently, there are 31 members on the board—eight of whom are from Europe (ECPA, Worldpay, Accor, Schwarz Group, Barclays, EPC, EPSM, Ingenico,). As the PCI SSC's Regional Head for Europe, Jeremy King facilitates communication and cooperation between PCI SSC and EPC.
Sitting across from one another at a table allows us to better understand one another's goals and concerns. We also keep PCI BoA members abreast of developments in Europe on a regular basis. The Payment Services Directive (PSD2), Regulatory Technical Standards (RTS), and a new European Payments Initiative were some of the subjects we discussed during our time together (EPI). As a member of PCI SSC BoA, you'll get first dibs on the latest in global security standardisation.


In Europe, what is the PCI standard?
EMV and PCI are the global standards for cards and mobile payments. These specifications are followed by all European point-of-sale terminals that accept international credit cards.
In the SEPA Cards Standardization Volume, European security and functional requirements are specified in detail. The PCI Data Security Standard (DSS) and PCI PIN Transaction Security (PTS) Standard were used as reference materials.
Domestic cards initially had their own limitations. A more efficient and less expensive process was made possible thanks to the global approach taken by the PCI SSC. As a result of this, the PCI Security Standards Council (PCI SSC) has made significant improvements to its standards.

The PCI SSC's current priorities and activities are as follows:
While software-based PIN-entry on commercially available devices is critical, the SPoC standard is just as important. Devices such as smartphones and tablets can be turned into full-service secure devices that have the same capabilities as traditional PIN pads thanks to this standard, which describes how to do so.
The PCI SSC also supports the PCI Point-to-Point Encryption Standard, which is widely used in Europe. Secure encryption at the POI renders cardholder and PAN data useless for criminals.
The PCI Security Standards Council (PCI SSC) is responsible for overseeing 15 standards that protect cardholder data throughout the payment lifecycle, from card creation to customisation. New technologies and developments in the industry necessitate regular revisions to these standards.

What payment data security issues do you foresee in Europe over the next few years?
Recognition of Europe's excellent payment security record is critical:. Two-factor authentication for e-commerce is a relatively new development, and tokenization is on the rise. Currently, the United States relies heavily on magstripe, signature, and paper-based transactions. While card data protection is important, it isn't the only thing to consider.

As new payment methods and technologies become available, the landscape of payments is rapidly evolving. As mobile payment technology improves and the new Software Security Framework is implemented, PCI SSC is updating its software requirements to reflect these changes. FinTech's entry into the payments market has spawned an abundance of new ventures. The PCI SSC and other key European organisations must continue working together to ensure the security of these new advancements.