PCI Security Standards Council®

Special Interest Groups

Special Interest Groups (SIGs) are community-driven initiatives that focus on payment security challenges related to PCI Security Standards.

The proposal period for 2019 SIGs is now closed, and the SIG survey is also closed. The PCI SSC will review and consolidate proposals, review the survey results, and announce next steps in the SIG process after reviewing stakeholder feedback from the survey.


2019 Special Interest Group (SIG) Proposals FAQ

Who can form a SIG? How can I propose one?

Any Participating Organization (PO), Qualified Security Assessor (QSA), Approved Scanning Vendor (ASV), or PCI Council Member* is invited to propose a Special Interest Group during an open proposal period that runs between 15 August and 12 September 2018. At the close of the submission period on 12 September, the PCI SSC will review and consolidate proposals, and SIG candidates will provide presentations for Participating Organization review via the PO portal.

* PCI Council Members are defined as PCI SSC Staff, Payment Brands, Affiliate Members or Strategic Members.

How will SIGs be chosen?

SIGs will be chosen directly by Participating Organizations during a formal election period. This is designed to ensure that those stakeholders involved in implementing and supporting the PCI Security Standards have the opportunity to choose projects most beneficial to their needs.

At the close of the submission period on 12 September, the PCI SSC will review and consolidate proposals, and SIG candidates will provide presentations for Participating Organization review via the PO portal. Once these presentations are made available, Participating Organizations will be able to select and prioritize at least two and a maximum of three SIG proposals using a voting tool on the PO portal. The PCI SSC will share results in January 2019 and work with the selected groups to create charters prior to the commencement of the new SIG(s).

What are some of the areas that SIGs have covered in the past? What topics are appropriate for SIG projects?

Special Interest Group (SIG) initiatives focus on specific payment security challenges that the PCI community wants guidance on addressing. Recent SIG topics include: Cloud Computing, Best Practices for Safe E-Commerce, Effective Daily Log Monitoring and Third-Party Security Assurance.

SIG work may provide clarification on specific requirements within a PCI Standard, examine how PCI Standards work within any given industry or environment, or address any other area that supports the Council's mission of raising awareness and increasing adoption of PCI Standards. Since the PCI SSC is focused on providing tools and resources to secure payment card data within the current payment system, and must also operate within a strict anti-trust framework, a focus outside of the current payment system is beyond our scope and would not be an appropriate topic for a PCI SSC SIG project.

Who will lead the SIGs?

A PCI SSC representative will chair, lead and project manage SIG work. This collaboration will free SIG volunteers to focus on contributing subject matter expertise, without responsibility for logistical matters. This also ensures greater alignment between SIG volunteer contributions and PCI SSC direction.



Telephone-based Payment Selected as 2018 SIG Topic

Thank you to Participating Organizations that participated in the SIG project selection process. Participating Organizations chose the update of Protecting Telephone-based Payment Card Data as one of our 2018 SIG initiatives!

Involvement in Special Interest Groups is a great way to provide your expertise to the Council and develop practical payment security resources for the industry.

The new group will commence in March and the deliverables are expected to be published at the end of 2018.

If you are a Participating Organization, QSA, ASV or Affiliate Member, and would like to join this SIG, please click the ‘Register’ button below and complete the interest form.

Register

Best Practices for Maintaining PCI Compliance Selected as 2018 SIG Topic

Thank you to Participating Organizations that participated in the SIG project selection process. Participating Organizations chose the update of Protecting Telephone-based Payment Card Data as one of our 2018 SIG initiatives!

Involvement in Special Interest Groups is a great way to provide your expertise to the Council and develop practical payment security resources for the industry.

The new group will commence in March and the deliverables are expected to be published at the end of 2018. If you are a Participating Organization, QSA, ASV or Affiliate Member, and would like to join this SIG, please click the ‘Register’ button below and complete the interest form.

Register



2018 Project: Protecting Telephone Based Payments Special Interest Group

Purpose

The purpose of this SIG is to update the 2011 document “Information Supplement: Protecting Telephone-based Payment Card Data”, in line with current telephony technology and contact center solutions.

Objective

The objective of the Telephony SIG is to produce an updated Information Supplement based on the 2011 document, recent industry and PCI SSC contributions, and 2017 RFC feedback. The new Information Supplement will provide guidance for today’s telephone payment environments, whether as a merchant, service provider, or vendor, to better manage the risk of fraudulent activity in this essential payment service area. Considerations for the new Information Supplement will include the following:

  • Identifying typical environments/scenarios representing telephone payment entities ranging from small businesses to large contact centers.
  • Identifying risks and security challenges to be considered within the identified environments.
  • Clarifying how PCI DSS requirements can be applied to telephony technologies to address the identified risks and challenges.
  • Identifying methods that may help reduce risks within the identified environments.
  • Identifying content from the 2011 document to be included in the new information supplement.

Approach

Per the Payment Card Industry Security Standards Special Interest Groups (SIGs) Rules of Engagement, a PCI SSC representative will chair, lead, and project manage the SIG’s work. This SIG chair helps drive consensus between SIG members and also helps to ensure alignment between SIG volunteer contributions and PCI SSC direction. The SIG chair, other PCI SSC participants, and SIG members (including Participating Organizations, payment brand participants, QSAs and ASVs) will work together collaboratively to accomplish the SIG objectives.

Participation

Participation will include PCI Council Members and staff, payment brands, volunteer Participating Organizations, and QSA and ASV companies. The participants are expected to provide expertise and share experience in best practices for managing compliance with PCI DSS, and to actively participate and contribute to the end deliverable.

There will be standing calls for the Telephony SIG, the timing and frequency of which will be determined during the first SIG meeting. Participants should allot time to attend meetings as well as additional time to draft and/or review documents, in accordance with their desired level of participation.

2018 Project: Best Practices for Maintaining PCI DSS Compliance

Purpose

The purpose of this SIG is to provide guidance on planning and managing ongoing adherence to PCI DSS requirements and to emphasize business-as-usual (BAU) processes, including key activities that may trigger the status of different PCI DSS requirements to be reviewed.

Objective

The objective of the Maintaining PCI DSS Compliance SIG is to update, as required, the 2014 Information Supplement entitled Best Practices for Maintaining PCI DSS Compliance. SIG participants will identify the specific subject areas to be updated or added to the document. Considerations to include:

  • Alignment with updated PCI DSS and published information supplements.
  • Descriptions of activities that PCI DSS requires on a periodic basis, either explicitly or implicitly.
  • Guidance for reviewing and confirming that PCI DSS controls remain in place throughout the year.
  • Recommendations for processes and methods to produce and maintain clear and sufficient evidence to demonstrate compliance with the applicable PCI DSS requirements.

Approach

Per the Payment Card Industry Security Standards Special Interest Groups (SIGs) Rules of Engagement, a PCI SSC representative will chair, lead, and project manage the SIG’s work. This SIG chair helps drive consensus between SIG members and also helps to ensure alignment between SIG volunteer contributions and PCI SSC direction. The SIG chair, other PCI SSC participants, and SIG members (including Participating Organizations, payment brand participants, and QSAs and ASVs) will work together collaboratively to accomplish the SIG objectives.

Participation

Participation will include PCI Council Members and staff, payment brands, volunteer participating organizations, and QSA and ASV companies. The participants are expected to provide expertise and share experience in best practices for managing compliance with PCI DSS, and to actively participate and contribute to the end deliverable. There will be standing calls for the Maintaining PCI DSS Compliance SIG, the timing and frequency of which will be determined during the first SIG meeting. Participants should allot time to attend meetings as well as additional time to draft and/or review documents, in accordance with their desired level of participation.

Draft and Final versions of the paper will be written by PCI SSC staff and/or SIG members, per individual SIG member’s desired degree of participation.

2016 Project: Best Practices for Safe E-Commerce

The Best Practices for Securing E-commerce guidance document was published on 31 January 2017.
