Thursday, September 24, 2009

PCI Community Meeting - Day 2

Day 2 of the PCI Community Meeting has just concluded.

We heard from former Representative Tom Davis about the prospects for federal legislation addressing cyber security. My take from the presentation is that such legislation is not very likely, and certainly not soon. Mr. Davis pointed out the difficult and complicated legislative process with a polarized Congress, lower approval ratings for the President who might support such legislation, and importantly the barriers between the many federal agencies involved and general Congressional inertia. As for statutory changes, barring a crisis such as a "cyber Pearl Harbor", it is unlikely the many committees in the House and Senate with jurisdiction will act. We might see more hearings like those this Spring, so at least keep the popcorn popper handy.

A major element in today's schedule was the report from the PIN Transaction Security working group. I am not an expert in this area, and I won't pretend to follow all the many technical details around each of the various hardware components involved in a PIN-based transaction. But one thing I did learn was to tell you that if you are looking at purchasing or installing any kind of unattended payment terminal (UPT) such as a parking lot or ticketing kiosk, or if you have other kinds of devices that accept PINs, whether they are attended or not, make sure the vendor hardware is compliant and listed. There are a lot of products, and many vendors have devices that are and are not compliant, so make sure to check everything out at the Council's website.

And again today, the Listening Meeting continued with a lot of feedback from merchants, vendors, QSAs, and maybe even an Elvis impersonator or two (you know who you are...). The Council will be posting presentation overheads and recordings on the website in a few weeks.

Now, if I can just make the standby list and get an earlier flight back home...
