Skip links

AFPC intervention on the new PCI standards

In June 2013, the AFPC was asked by the GIE CB to discuss and exchange views on the new prescribed PCI logical and physical security standards for the card production activities (PCI-CP).
At almost the same time EUROSMART, a European association whose members also include card manufacturers, spoke to PCI, VISA and Mastercard about the difficulties to implement such new standards on card plants.

So AFPC naturally associated itself with the work of EUROSMART on this subject although it regrets not having been informed of it earlier.
The AFPC remains very attentive to the evolution and application of these standards, and as usual wishes to work with GIE CB on the evolution proposals which could be submitted to the Board of PCI.

This issue is dealt within the framework of our security commission focusing on the coherence of the position between AFPC and EUROSMART.
This new standard announced by PCI end of 2012 was implemented in the fourth quarter of 2013 for French industrial plants which were the first to be audited with these new standards; in terms of first approach the number of remarks for the audited industrial plants has almost doubled compared to previous audits ; when we know the cost of implementing such recommendations the card industry is worried.

It is absolutely necessary to pursue the joined AFPC and EUROSMART actions with PCI, VISA and Mastercard in order to avoid a significant increase of security requirements, which seems to us to be out of steps in terms of risk, based on existing situation.