Not rendering correctly? View this email as a web page here.
In this issue: 6 January 2016
  • PCI changes date for migrating from SSL and early TLS
  • Acquirer Forum
  • New year, new SIG
  • Call for speakers for PCI Middle East Forum
  • VISA mandates use of QIRs
  • Orlando ISA class now enrolling

As always, if you have questions, concerns, or suggestions on how to improve this weekly communication for POs, please email us at:

PCI News & Program Updates

PCI Changes Date for Migrating from SSL and Early TLS

As announced in December 2015, the Council reminds organizations that the migration completion date has been extended to 30 June 2018 for transitioning from Secure Sockets Layer (SSL) and Transport Layer Security (TLS) TLS 1.0 to a secure version of TLS (currently v1.1 or higher). This supersedes the original dates issued in both PCI Data Security Standard v3.1 (DSS 3.1) and in the Migrating from SSL and early TLS  Information Supplement in April 2015.

To help you better understand what this means for you, we’ve put together helpful information on updated timelines, requirements and reasons for the adjustments - all available for download in PDF form here, and on our blog. Also be sure to view this video featuring PCI and industry experts explaining the date change, what it means and how to address itWe encourage you to share this information with your customers and business partners. 

> Read More


Participation Opportunities

Acquirers & Processors: Join us for the Acquirer Forum

Understanding the latest updates and planned initiatives from the PCI Council is an important part of helping your business and your customers protect payment information. Join your peers in the acquiring space for an interactive discussion with the PCI Council at our upcoming Acquirer Forum conference call. The agenda will include the Acquirer Checklist, Acquirer Training, Point-to-Point version 2 and PCI SSC initiatives for 2016. 

Questions or comments? Email

Date: 20 January 2016 | Time: 11:00 - 12:30 EST | Location: WebEx Call

> Register Now


Join the 2016 Special Interest Group

We invite you to roll up your sleeves and participate in this project:

  • Best Practices for Safe E-Commerce

It’s time to get going! If you're interested in joining the group, simply SIGN-UP online to be in the loop for the kick-off meetings starting  this month! 

> Sign Up


Call for Speakers Now Open for 2016's Middle East Forum

PCI Security Standards Council will be holding the 2nd Annual Middle East Forum, 6 - 7 April 2016 at the Conrad Dubai Hotel in Dubai, UAE. The Middle East Forum will gather payment executives from around the globe to discuss current technological advances, cybersecurity, mobile payments, EMV chip and additional topics facing the industry today.

A key component of the meeting is for regional issues to take center stage. To that end, PCI is accepting speaker abstracts for Regional Case Study presentations until 1 February 2016. This is your chance to position your organisation as a thought leader in the region.

Case Studies will be 20 minute sessions. Sample session submission ideas include but are not limited to:

  • EMV chip rollout and lessons learned
  • What PCI can learn from outside industries
  • Merchant perspectives on payment technologies
  • The future of mobile payments
  • Balancing security and compliance

If you are interested in presenting at this premier regional payments event, please complete this form and email it to us at by 1 February 2016. We value your contributions. Join us with your expertise and be a part of the community.

> Submit



The Clock is Ticking: VISA Mandates Use of QIRs for Merchants in the US and Canada

In a recent security bulletin, Visa warned organizations to be aware of coordinated efforts to attack merchant POS systems, which take advantage of improper network configuration, inadequate remote access security, and use of easily-guessed or default passwords.

To help merchants address these security weaknesses that put them at risk, Visa is mandating the use of PCI validated Qualified Integrators and Resellers (QIR), trained professionals in secure installation and maintenance of POS systems. Specifically: 

  • Beginning March 2016, ANY NEW Level 4 Merchant in the US or Canada MUST utilize a QIR to implement, integrate, maintain or service their integrated POS system.
  • Beginning January 2017, ALL Legacy Level 4 Merchants in the US or Canada MUST utilize a QIR to implement, integrate, maintain or service their integrated POS system.

To find a QIR, click here
To apply to become a QIR, click here.

To read VISA’s Security Bulletin click here

> Learn more


Orlando ISA Class Now Enrolling

Soak up some sun and some PCI knowledge, too.  Enroll in the ISA training class in Orlando, Florida on 8-9 February.

Applications must be in by 25 January. Take two days to learn how to improve security and conduct assessments for your organization’s payment card data. Don’t wait any longer- register now.

> Register now


Acquirer Forum
20 January
WebEx Call

Middle East Forum
6-7 April
Dubai, UAE