The Payment Card Industry Security Standards Council (PCI SSC) successfully concluded its Asia-Pacific Community Meeting in Hanoi this week, bringing together hundreds of payment security stakeholders, both in person and virtually, from across the region and beyond.
The two-day event featured the Council’s new leadership team, led by Executive Director Gina Gobeyn, who delivered the opening keynote address highlighting the organization’s evolution and vision for the future of payment security. Gobeyn was joined by Diana Greenhaw, Head of Engagement, and Deanne Zettler, Head of Product and Technology, marking a historic moment as the Council’s first all-female leadership team.
“Asia-Pacific represents a crucial market in our global mission to secure payment data worldwide,” said Gobeyn. “These Community Meetings are vital platforms for direct engagement with stakeholders, enabling us to collectively address emerging technologies and evolving security threats.”
Payment security professionals from around the world delivered presentations on a variety of timely topics. Key focus areas included:
- Cloud computing and artificial intelligence impacts on payment security
- Global payment trends and emerging threats
- The release of PCI Mobile Payments on COTS (MPoC) Standard v1.1
- Critical deadlines for PCI DSS v4.0.1 implementation
Yew Kuann Cheng, PCI SSC Regional VP for Asia-Pacific, emphasized the importance of industry participation: “Our effectiveness in securing payment data globally depends on broad industry engagement. The Asia-Pacific Community Meeting is an excellent opportunity to network with payment security professionals and organizations and learn from each other. We encourage organizations to become Participating Organizations and join us in shaping the future of payment security standards together.”
A significant portion of the meeting focused on preparing stakeholders for the March 2025 deadline to implement PCI DSS v4.0.1 future-dated requirements. The Council highlighted several new resources:
- PCI DSS v4.0.1 Published: To address stakeholder feedback and questions received since PCI DSS v4.0 was published in March 2022, PCI SSC published a limited revision to the standard, PCI DSS v4.0.1, which includes corrections to formatting and typographical errors and clarifies the focus and intent of some of the requirements and guidance. There are no additional or deleted requirements in this revision.
- New Guidance Coming for E-commerce Security Requirements in PCI DSS v4.0.1: The Council has engaged with industry experts to establish an E-commerce Guidance Task Force with the sole objective of developing guidance focusing on PCI DSS v4.0.1 Requirements 6.4.3 and 11.6.1. New guidance is expected to be released in early 2025.
- New ROC Template: PCI SSC released a new Report on Compliance template for v4.0.1 to align with the standard, to address minor errors, and to reformat the template. PCI SSC also addressed feedback from stakeholders regarding usability and performance.
- New Resource Guide: Vulnerability Scans and Approved Scanning Vendors: This new resource guide is intended for anyone with questions about ASV scans, with a focus on SAQ A merchants completing PCI DSS Requirement 11.3.2 for the first time. In this resource guide, PCI SSC shares key considerations, educational resources, and frequently asked questions to help better understand PCI DSS Requirement 11.3.2, which requires evidence of passing external scans, performed by an ASV, at least once every three months.
Visit the PCI SSC website for more information on all the PCI Council’s efforts and activities including how your organization can attend future PCI SSC events and join the global cross-industry effort to increase payment security.