Friday, October 28, 2011

PCI Council Webinar to Address Point-to-Point Encryption Security

The PCI Security Standards Council has announced will provide a detailed overview to the recent updates to the PIN Transaction Security (PTS) program on November 8. A second, repeat webinar will be November 10.

Schools interested in P2PE may want to consider attending to get the latest information on the latest release of the PCI PTS requirements. Many institutions and their auxiliaries are very interested in this exciting technology that can reduce your PCI scope greatly. There are still some details like testing the POS devices to make sure they work as advertised, and this webinar should address some of those security questions.

Here are the details. You can also check out the PCI Council’s Website link:

PIN Transaction Security Program Updates: PTS 3.1 and PCI PIN Security Requirements 1.0

Tuesday, November 8, 2011 at noon PT/3:00 pm ET/8:00 pm GMT

Thursday, November 10, 2011 at 8:00 am PT/11:00 am ET/4:00 pm GMT

Please join members of the PCI Standards team for a detailed overview of the newest updates to the PIN Transaction Security (PTS) program, followed by a live Q&A session. The presentation will cover key changes to PTS requirements including:

Updates to PTS Point of Interaction (POI) Requirements 3.1 that include two new approval classes for Secure Card Readers and Non-PIN Entry Devices

Extension of Secure Reading and Exchange of Data (SRED) and Open Protocol (OP) modules to version 2 devices

Explanation of how these changes can facilitate the secure deployment of point-to-point encryption (P2PE) technology and mobile payments

Overview of PCI PIN Security Requirements 1.0 and the use of this criteria for the protection of PIN data enhancements to HSM Security Requirements
I have written about P2PE before on this blog (click here to read it). Those of you new to this may want to have a read before the webinar.

Tuesday, October 25, 2011

Voting for PCI Special Interest Groups is Open

I know a number of your institutions are Participating Organizations (POs) in the PCI Council. If you are, it is time you get your PCI team -- including business and IT groups -- together to decide how to cast your vote for the Special Interest Groups (SIGs) for 2012.

The Council received 31 nominations for SIGs, and they narrowed it down to seven. Based on how POs vote, three will be selected for 2012. The seven are (in no particular order):

  • Managing administrative access to systems and devices
  • Preparing a risk assessment
  • Patch management
  • eCommerce security
  • Cloud technology
  • PCI for small businesses
  • Managing hosted service providers.

Looking at the seven, four are more technical in nature and three are business focused. That is why I suggest you want to get your whole team together so you gather ideas from all over the institution.

As most of you know, I (along with Tom Davis of Indiana University) represent NACUBO which is a PO. We finished our analysis and have recommended NACUBO's vote (which I'm casting later today) to reflect the mix of needs of Higher Ed institutions of all sizes. You now need to do the same for your institution. Voting opened Monday (Oct 24) and closes November 3, so don't wait!

Schools that are POs were sent an email last week with a link to the Council's PO portal. The portal has videos of the brief presentations from the Community Meeting where they previewed each nominated SIG. I recommend you view the videos, discuss your priorities, and cast your vote.

Not many standards or regulatory organizations let their 'constituents' decide where to do research and provide guidance. The PCI Council does, so I hope all schools who are POs will be sure and vote.