PCI SSC Monitor 12.2.2015

PCI Changes Date for Migrating from SSL and Early TLS

As announced in December 2015, the Council reminds organizations that the migration completion date has been extended to 30 June 2018 for transitioning from Secure Sockets Layer (SSL) and Transport Layer Security (TLS) TLS 1.0 to a secure version of TLS (currently v1.1 or higher). This supersedes the original dates issued in both PCI Data Security Standard v3.1 (DSS 3.1) and in the Migrating from SSL and early TLS Information Supplement in April 2015.

To help you better understand what this means for you, we’ve put together helpful information on updated timelines, requirements and reasons for the adjustments - all available for download in PDF form here, and on our blog. Also be sure to view this video featuring PCI and industry experts explaining the date change, what it means and how to address it. We encourage you to share this information with your customers and business partners.

> Read More

Acquirers & Processors: Join us for the Acquirer Forum

Understanding the latest updates and planned initiatives from the PCI Council is an important part of helping your business and your customers protect payment information. Join your peers in the acquiring space for an interactive discussion with the PCI Council at our upcoming Acquirer Forum conference call. The agenda will include the Acquirer Checklist, Acquirer Training, Point-to-Point version 2 and PCI SSC initiatives for 2016.

Questions or comments? Email AcquirerForum@pcisecuritystandards.org.

Date: 20 January 2016 | Time: 11:00 - 12:30 EST | Location: WebEx Call

> Register Now

Call for Speakers Now Open for 2016's Middle East Forum

PCI Security Standards Council will be holding the 2nd Annual Middle East Forum, 6 - 7 April 2016 at the Conrad Dubai Hotel in Dubai, UAE. The Middle East Forum will gather payment executives from around the globe to discuss current technological advances, cybersecurity, mobile payments, EMV chip and additional topics facing the industry today.

A key component of the meeting is for regional issues to take center stage. To that end, PCI is accepting speaker abstracts for Regional Case Study presentations until 1 February 2016. This is your chance to position your organisation as a thought leader in the region.

Case Studies will be 20 minute sessions. Sample session submission ideas include but are not limited to:

EMV chip rollout and lessons learned
What PCI can learn from outside industries
Merchant perspectives on payment technologies
The future of mobile payments
Balancing security and compliance

If you are interested in presenting at this premier regional payments event, please complete this form and email it to us at pcispeaking@pcisecuritystandards.org by 1 February 2016. We value your contributions. Join us with your expertise and be a part of the community.

The Clock is Ticking: VISA Mandates Use of QIRs for Merchants in the US and Canada

In a recent security bulletin, Visa warned organizations to be aware of coordinated efforts to attack merchant POS systems, which take advantage of improper network configuration, inadequate remote access security, and use of easily-guessed or default passwords.

To help merchants address these security weaknesses that put them at risk, Visa is mandating the use of PCI validated Qualified Integrators and Resellers (QIR), trained professionals in secure installation and maintenance of POS systems. Specifically:

Beginning March 2016, ANY NEW Level 4 Merchant in the US or Canada MUST utilize a QIR to implement, integrate, maintain or service their integrated POS system.
Beginning January 2017, ALL Legacy Level 4 Merchants in the US or Canada MUST utilize a QIR to implement, integrate, maintain or service their integrated POS system.

To find a QIR, click here
To apply to become a QIR, click here.
To read VISA’s Security Bulletin click here

> Learn more