Category: News

News from the world of payment security and PCI SSC standards

Changes in PCI PTS HSM v5.0: Who do they affect and what does it mean for the future of payments?

On May 18, 2026, the PCI SSC released version 5.0 of the PCI PTS HSM standard (or simply PCI HSM). This standard includes numerous changes that may affect, directly or indirectly, compliance with other PCI standards.

/ May 20, 2026

What is known about PCI DSS v5.0?

Version 4.0 of PCI DSS was released in March 2022. The PCI Security Standards Council is already actively working on version 5.0. What is known about this new version? Ray Kurzweil's Law of Accelerated Yields...

/ April 7, 2026

Two-year extension for PCI PTS HSM v3

After having us on edge for a few months, the PCI Security Standards Council (PCI SSC) has extended the expiration periods of devices validated in PCI HSM as follows: Extends the period of device validation in...

/ March 9, 2026

The expiration date of PCI HSM version 3.x is approaching (30 April 2026), what will happen to the affected devices?

April 30, 2026 is the stipulated date for the expiration of cryptographic devices validated according to PCI HSM version 3.x. If you do not have defined your migration strategy, this article interests you. NOTE: The PCI SSC has...

/ February 12, 2026

Do you process card data and don't want to get complicated with PCI DSS compliance reports? So you can get an exemption

The security of payment card data is not the same as it was 10 or 15 years ago. The massification of EMV chips and contactless transactions, the use of tokenization, the implementation of P2PE controls and...

/ December 18, 2025

Visa's AIS program no longer includes level 4 for merchants

Visa's Account Information Security (AIS) program has undergone major changes, modifying merchant classification criteria to report compliance with the PCI DSS standard. This program defines the applicable requirements based on the...

/ November 27, 2025

5 Key Concepts of the New PCI SSC Authentication Guide

At the end of August 2025, the PCI SSC published two new guides (informational supplements) related to authentication and cryptography. Although these documents do not change the applicability and/or enforceability of the related PCI SSC controls, they do...

/ September 2, 2025

Vulnerability management in PCI DSS: Connecting all related controls

Vulnerability management is one of the most exhausting tasks in a PCI DSS environment, since it is necessary to periodically monitor the publication of notifications by manufacturers, review the reports of the scans and tests of...

/ June 5, 2025

PCI SSC PIN Listing Program: Everything you need to know

In May 2025, the PCI SSC announced the publication of a list of entities that meet the PCI PIN standard. This list – unlike the previous lists which were managed by the payment brands themselves, ...

/ May 20, 2025

What follows after the entry into force of future PCI DSS v4 controls?

Due to the complexity of its implementation, the PCI DSS v4 standard established a grace period for the implementation of certain security controls. That period expired on 31 March 2025. What follows after this date?...

/ April 1, 2025

Artificial Intelligence (AI) in PCI assessments: A look at the new PCI SSC guide

In March 2025, the PCI SSC published a new guide that will completely change the process of evaluating controls of its standards, allowing the controlled use of Artificial Intelligence (AI) technologies to support QSA advisors: Payment...

/ March 18, 2025

New information supplement: Security on payment pages and prevention of e-skimming

The PCI SSC has published a new Information Supplement aimed at security in payment pages and prevention of e-skimming attacks as a guide for the implementation of controls 6.4.3 and 11.6.1 of PCI DSS v4.0.

/ March 11, 2025

Changes in SAQ A of PCI DSS v4.0.1

As part of efforts to achieve security and compliance balance, the PCI SSC announced on January 30, 2025 that controls related to the security of payment pages (6.4.3 and 11.6.1) will be removed from the...

/ January 31, 2025

Brief review of the PCI SSC Europe Community Meeting 2024 in Barcelona

This October 2024 the PCI SSC Europe Community Meeting was held in the beautiful city of Barcelona (Spain). In this article we tell you the main topics covered, the changes that are coming in terms of standards of...

/ October 14, 2024

New version of PCI DSS: 4.0.1

On 11 June 2024 the PCI SSC published version 4.0.1 of the PCI DSS standard, which replaces version 4.0 published in March 2022 This new version contains minor revisions, typographic and formatting corrections and...

/ June 12, 2024