The Payment Card Industry Security Standards Council (‘PCI SSC’) has had a busy year thus far updating both its Card Production Security Requirements and its Data Security Standards (‘PCI DSS’).
First, on 10 April, the PCI SSC updated its Card Production Requirements (guidance published to help card producers secure the card production process from creation through to delivery). The requirements themselves are divided into two parts: Card Production Logical Security Requirements and Card Production Physical Security Requirements. The logical requirements apply to the personalisation of cards or the manipulation of card data, whereas the physical requirements deal with processes like the storage and mailing of cards. The update changes or adds requirements across a variety of issues, from card storage embossing to emergency exits; but although the PCI SSC maintain the standards, the emphasis is firmly upon payment companies themselves to manage assessments against these PCI requirements.
Continue Reading PCI Council Updates both Card Production Standards and Data Security Standards