PCI Assessors Meeting
I am currently on my way back from Las Vegas and the PCI (Payment Card Industry) Assessors Meeting. I guess it is appropriate that the Delta flight that I am on is a cashless flight; you are now able to buy all the $5 Pringles you can eat with a credit card. But I digress; the real update here is regarding the PCI Assessors Meeting that I attended Thursday afternoon.

In all, there were approximately 30 representatives of QSA (Qualified Security Assessor)/ASV (Approved Scanning Vendor) companies in attendance. The event was not well attended from the perspective of many people that I spoke with, some attributing the lack of attendance to the session not being well publicized.

The meeting provided a summary of the last couple of months within the payment card industry. The monthly newsletter was discussed, as well as the relevance of the topics covered within it. A segment on evidence gathering and how evidence is verified provided some information on the top 10 areas for improvement for the DSS (Data Security Standard) and PA-DSS (Payment Application Data Security Standard). Speaking of the PA-DSS, it was reported that there has been a 17% increase in the number of ROVs (Reports on Validation) being submitted. The recently released ASV Program Guide was summarized during the meeting, including the new reporting templates.

The question and answer session lasted longer than the presentation and covered a broad range of topics. There were questions related to assessment methodology and the need for consistency in approach amongst the QSA firms. The QA Program will be updated in the fall to coincide with the update to the DSS. The updates or potential updates to the standard were not discussed, as the card brands and the SSC (Security Standards Council) want to make sure that they adhere to the feedback lifecycle timelines that have been established.
Overall the meeting would have been better received if there was more information provided regarding the proposed updates to the DSS. However, the card brands and the members of the SSC were willing to engage in productive conversation that will benefit the standard in the long term.