Request for Comments: PCI TSP Security Requirements

From
27
March
to
27
April
2023,
eligible
stakeholders
are
invited
to
review
and
provide
feedback
on
the
PCI
Token
Service
Provider
(TSP)
Security
Requirements
v1.0
during
a
30-day
request
for
comments
(RFC)
period. 

The
RFC
will
be
available
through
the


PCI
SSC
portal,
including


instructions
on
how
to
access
the
documents
and
submit
feedback.
Eligible
stakeholders
will
also
receive
instructions
via
email.
As
a
reminder,
participants
are
required
to
accept
a
Non-Disclosure
Agreement
(NDA)
to
download
the
document.
Please
review
the


RFC
Process
Guide
for
more
information.  

Please
note
that
PCI
SSC
can
only
accept
comments
that
are
submitted
via
the
PCI
SSC
portal
and
received
within
the
defined
RFC
period.   

Background
on
PCI
TSP
Security
Requirements 
The
PCI
TSP
Security
Requirements
cover
physical
and logical
security
requirements
for
Token Service
Providers
that
generate
and
issue EMV
Payment
Tokens.
This
RFC
provides
stakeholders
the
opportunity
to
provide
feedback
to
ensure
the
requirements
continue
to
meet
the
needs
of
the
industry.
 

As
part
of
the
RFC
process,
your
comment(s),
your
organization’s
name,
and
how
PCI
SSC
actioned
your
feedback
comments
will
be
made
available
in
the


PCI
SSC
portal.
Please
review
the


RFC
Process
Guide 
and
our
resource
guide:


What
to
Know
Before
Participating
in
a
PCI
SSC
RFC
for
more
information
on
the
PCI
SSC
RFC
process. 

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts