"The 2025 Annual Report tells the story of a year defined by progress, collaboration, and impact across the global payments community. As PCI SSC’s Executive Director reflects in the opening letter, the pace of change in payments continues to accelerate—and so do the threats. In response, PCI SSC and its community came together in 2025 to deliver bold, meaningful work designed to make a real difference for the industry."

“Today, the PCI Security Standards Council (PCI SSC) published version 1.2 of the PCI Secure Software Standard and its supporting program documentation. The PCI Secure Software Standard is one of two standards that are part of the PCI Software Security Framework (SSF). The PCI Secure Software Standard and its security requirements help provide assurance that payment software is designed, developed, and maintained in a manner that protects payment transactions and data, minimizes vulnerabilities, and defends against attacks.  Version 1.2 of the PCI Secure Software Standard introduces the Web Software Module, a set of supplemental security requirements to the Secure Software Standard’s Core Requirements for payment software that uses internet technologies, protocols, and languages to support or facilitate electronic payment transactions. The security requirements provided in the Web Software Module identify key software security controls to implement to address the most common security issues related to the use of internet-accessible payment technologies.”