PCI changes date for migrating from SSL and early TLS
Acquirer Forum
New year, new SIG
Call for speakers for PCI Middle East Forum
VISA mandates use of QIRs
Orlando ISA class now enrolling
As always, if you have questions, concerns, or suggestions on how to improve this weekly communication for POs, please email us at: pcimonitor@pcissc.org.
PCI News & Program Updates
PCI Changes Date for Migrating from SSL and Early TLS
As announced in December 2015, the Council reminds organizations that the migration completion date has been extended to 30 June 2018 for transitioning from Secure Sockets Layer (SSL) and Transport Layer Security (TLS) TLS 1.0 to a secure version of TLS (currently v1.1 or higher). This supersedes the original dates issued in both PCI Data Security Standard v3.1 (DSS 3.1) and in the Migrating from SSL and early TLS Information Supplement in April 2015.
To help you better understand what this means for you, we’ve put together helpful information on updated timelines, requirements and reasons for the adjustments - all available for download in PDF form here, and on our blog. Also be sure to view this videofeaturing PCI and industry experts explaining the date change, what it means and how to address it. We encourage you to share this information with your customers and business partners.
Acquirers & Processors: Join us for the Acquirer Forum
Understanding the latest updates and planned initiatives from the PCI Council is an important part of helping your business and your customers protect payment information. Join your peers in the acquiring space for an interactive discussion with the PCI Council at our upcoming Acquirer Forum conference call. The agenda will include the Acquirer Checklist, Acquirer Training, Point-to-Point version 2 and PCI SSC initiatives for 2016.
We invite you to roll up your sleeves and participate in this project:
Best Practices for Safe E-Commerce
It’s time to get going! If you're interested in joining the group, simply SIGN-UP online to be in the loop for the kick-off meetings starting this month!
Call for Speakers Now Open for 2016's Middle East Forum
PCI Security Standards Council will be holding the 2nd Annual Middle East Forum, 6 - 7 April 2016 at the Conrad Dubai Hotel in Dubai, UAE. The Middle East Forum will gather payment executives from around the globe to discuss current technological advances, cybersecurity, mobile payments, EMV chip and additional topics facing the industry today.
A key component of the meeting is for regional issues to take center stage. To that end, PCI is accepting speaker abstracts for Regional Case Study presentations until 1 February 2016. This is your chance to position your organisation as a thought leader in the region.
Case Studies will be 20 minute sessions. Sample session submission ideas include but are not limited to:
EMV chip rollout and lessons learned
What PCI can learn from outside industries
Merchant perspectives on payment technologies
The future of mobile payments
Balancing security and compliance
If you are interested in presenting at this premier regional payments event, please complete this form and email it to us at pcispeaking@pcisecuritystandards.org by 1 February 2016. We value your contributions. Join us with your expertise and be a part of the community.
The Clock is Ticking: VISA Mandates Use of QIRs for Merchants in the US and Canada
In a recent security bulletin, Visa warned organizations to be aware of coordinated efforts to attack merchant POS systems, which take advantage of improper network configuration, inadequate remote access security, and use of easily-guessed or default passwords.
To help merchants address these security weaknesses that put them at risk, Visa is mandating the use of PCI validated Qualified Integrators and Resellers (QIR), trained professionals in secure installation and maintenance of POS systems. Specifically:
Beginning March 2016, ANY NEW Level 4 Merchant in the US or Canada MUST utilize a QIR to implement, integrate, maintain or service their integrated POS system.
Beginning January 2017, ALL Legacy Level 4 Merchants in the US or Canada MUST utilize a QIR to implement, integrate, maintain or service their integrated POS system.
Soak up some sun and some PCI knowledge, too. Enroll in the ISA training class in Orlando, Florida on 8-9 February.
Applications must be in by 25 January. Take two days to learn how to improve security and conduct assessments for your organization’s payment card data. Don’t wait any longer- register now.
PCI Security Standards Council, LLC 401 Edgewater Place Suite 600 Wakefield, MA 01880 You received this email because you are subscribed to The PCI Monitor from PCI Security Standards Council, LLC. Update your email preferences to choose the types of emails you receive. Unsubscribe from all future emails