vendorcom.com

[Amanda]

For anyone with an interest in the PCI PTS (PIN Transaction Security) program, the PCI SSC is still looking for further feedback to help guide the next stage in the standard's evolution. The closing date is fast approaching, but there is still time for participating organisations to submit feedback. Below is the communication sent out by the PCI SSC to all Participating Organisations this week.

October 29, 2009

Dear Participating Organization


This is a reminder that the open feedback period for the PIN Transaction Security (PTS) program's security requirements is closing soon. Please submit your feedback this month in order to promote dynamic discussions of the next evolution of the standards.

On September 24th at the PCI SSC Community Meeting in Las Vegas, Leon Fell, head of the PTS working group put a call out for community input.

The PTS program operates on a 3 year lifecycle. Details of the lifecycle are available in the PTS program guide, found at:

https://www.pcisecuritystandards.org/security_standards/ped/index.shtml
For consistency, a formal lifecycle document, similar to that available for PCI DSS and PA-DSS, will be available in Q4 2009. In the meantime, I wanted to outline the process for updating the PTS security requirements with you.

A revised version of the PTS security requirements will be released in April 2010.

Now is the time to submit comments and feedback on current requirements (POS PED v2.1, EPP V2.1 and UPT v1.0). Comments can be sent directly to the working group at pcipts@pcisecuritystandards.org

At the Community Meeting Leon Fell presented the PCI SSC's proposal to move to a modular program to manage the PIN Transaction security requirements. This modular approach will consolidate the aforementioned sets of requirements into a single set of requirements for cardholder interface devices, known collectively as Point-of-Interaction (POI) devices. This proposal was developed by the Council with input from a special task force comprised of members of your PCI SSC Board of Advisors The presentation is available for review in the PO portal (https://po.pcisecuritystandards.org/default.aspx) of the PCI SSC website. Further discussion of and detail on this proposal will be presented in conjunction with the CARTES show in Paris on November 17, 2009. This is the third face to face opportunity for feedback.

Following those discussions, feedback will be compiled and analyzed for the next version of PTS requirements. A draft of the new requirements will be made available for a sixty day comment and review period early in the first quarter of 2010. After final comments, the PTS requirements will be refined and a final version published in April 2010.

To summarize, following the Community Meeting there are still four opportunities for feedback on the PTS requirements:

To summarize, following the Community Meeting there are still three opportunities for feedback on the PTS requirements

• Via email comments to pcipts@pcisecuritystandards.org
• At the CARTES Expo in Paris, November 17 2009
• Through the comment and review period early 2010

Thank you for your valuable input. Please let me know if you have any questions.


Sincerely,


Bob Russo
General Manager
PCI Security Standards Council