Monday, December 12, 2011

PCI Council's Open Mic Meeting

The PCI Council held an "Open Mic" session for Participating Organizations this morning. Here are some of the highlights.

  • A major focus was soliciting feedback on both PCI DSS and PA-DSS. Each PO (and this includes NACUBO, so get us your feedback!) can make up to five comments or requests for clarification/change to the standards. The deadline to submit feedback is April 1. Tom Davis and I will be tracking ideas, and we will provide feedback in time.
  • There was a review of the three Special Interest Groups (SIGs) for 2012: Risk Analysis, Cloud Computing, and eCommerce for Level 3 and 4 merchants. Since the eCommerce SIG has the greatest potential benefit for Higher Ed institutions, I joined that SIG. I am looking forward to participating actively and developing some good guidance that will benefit institutions of all sizes. If your school is a PO, it's never too late to join a SIG... I'd welcome the company!
  • Training continues to be a Council priority. There will be two webinars addressing training sessions and schedules early in the new year (January 26 and 31).
  • We can expect to see some more guidance on mobile computing in 2012.
  • We might also see some additional guidance on tokenization. I got the feeling the Council felt that the current documentation was enough, but they would do more based on what they see early in the new year.
  • Lastly, Bob Russo (General Manager of the Council) acknowledged the increased interest in skimming at the POS (see a previous post, here). Bob's advice was that the best defense against skimming is vigilance by front line staff spotting changes or differences. He also pointed out that the Council has an excellent document addressing skimming (click here to download a copy). He noted that it was among the most frequently downloaded documents on the site (and deservedly so, IMO!).
There is a second session scheduled for Wednesday, and the recording of each session should be on the Council's website soon. I believe they will be generally available if you want to listen.
