Request for Comments: PCI Card Production and Provisioning Physical and Logical Security Standards v3.0.1

AndyC 14 February 2026

From 13 February to 16 March, eligible PCI SSC stakeholders are invited to review and provide feedback on the draft PCI Card Production and Provisioning Physical and Logical Security Standards v3.0.

Request for Comments: PCI Card Production and Provisioning Physical and Logical Security Standards v3.0.1

Request for Comments: PCI Card Production and Provisioning Physical and Logical Security Standards v3.0.1

From 13 February to 16 March, eligible PCI SSC stakeholders are invited to review and provide feedback on the draft PCI Card Production and Provisioning Physical and Logical Security Standards v3.0.1 during a 30-day request for comments (RFC) period.  

The RFC will be available through the PCI SSC Portal, including instructions on how to access the documents and submit feedback. Eligible stakeholders will also receive instructions via email. As a reminder, participants are required to accept a Non-Disclosure Agreement (NDA) to download the document. Please review the RFC Process Guide for more information. 

 Please note that PCI SSC can only accept comments that are submitted via the PCI SSC Portal and received within the defined RFC period.     

Background on the PCI Card Production and Provisioning Physical and Logical Security Standards v3.0.1 

The PCI Security Standards Council is conducting an exploratory RFC to see if changes need to be made to the currently published version of both the Card Production and Provisioning - Physical and the Card Production and Provisioning - Logical Security Standards. These standards have not been updated since June 2022.  

The Card Production and Provisioning – Physical Standard addresses physical security requirements for entities involved in card production and provisioning, which may include manufacturers, personalizers, pre-personalizers, chip embedders, data-preparation, and fulfillment.  

Card Production and Provisioning – Logical Standard addresses the logical security activities associated with card production and provisioning such as data preparation, pre-personalization, card personalization, and PIN generation.

 Access the PCI SSC Portal and Provide Comments

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , , , , , ,

More Stories

Spotlight On: Futurex, a New Principal Participating Organization

Spotlight On: Futurex, a New Principal Participating Organization

AndyC 10 February 2026
The AI Exchange: Innovators in Payment Security Featuring Soft Space

The AI Exchange: Innovators in Payment Security Featuring Soft Space

AndyC 3 February 2026
PCI Security Standards Council Publishes First-Ever Annual Report

PCI Security Standards Council Publishes First-Ever Annual Report

AndyC 30 January 2026
Coffee with the Council Podcast: PCI SSC Releases Version 2.0 of the PCI Secure Software Standard 

Coffee with the Council Podcast: PCI SSC Releases Version 2.0 of the PCI Secure Software Standard 

AndyC 29 January 2026
Celebrating Data Privacy Week with NIST’s Privacy Engineering Program

Celebrating Data Privacy Week with NIST’s Privacy Engineering Program

AndyC 28 January 2026
PCI SSC 2025 Community Meetings Now Available on Global Content Library

PCI SSC 2025 Community Meetings Now Available on Global Content Library

AndyC 21 January 2026

You may have missed

Request for Comments: PCI Card Production and Provisioning Physical and Logical Security Standards v3.0.1

Request for Comments: PCI Card Production and Provisioning Physical and Logical Security Standards v3.0.1

AndyC 14 February 2026
Attackers exploit BeyondTrust CVE-2026-1731 within hours of PoC release

Attackers exploit BeyondTrust CVE-2026-1731 within hours of PoC release

AndyC 14 February 2026
Randall Munroe’s XKCD ‘International Station’

Randall Munroe’s XKCD ‘International Station’

AndyC 14 February 2026
Roses Are Red, AI Is Wild: A Guide to AI Regulation

Check Point Unveils a New Security Strategy for Enterprises in the AI Age

AndyC 14 February 2026
Roses Are Red, AI Is Wild: A Guide to AI Regulation

Roses Are Red, AI Is Wild: A Guide to AI Regulation

AndyC 14 February 2026

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.