Friday, September 7, 2012

PCI Council on Mobile, EMV, ecommerce, and Listening

There is a very good interview at BankinfoSecurity where Bob Russo (PCI Council General Manager) and Mike Mitchell (PCI Council Chairman) address initiatives and objectives for the Council and the standards in the coming year.

Many of you have heard Bob Russo speak at PCI Workshops or other public forums.  I got to meet Mike Mitchell earlier this year when we sat down to talk at RSA.  With the PCI Community Meeting coming up next week, the interview tells me several things.  First, mobile payment solutions rank high on the Council's agenda.  This is no surprise, and with the speed of merchant adoption across the merchant spectrum (including many of your campuses, whether you wanted it or not!) it is welcome news.  They also cite Point-to-Point Encryption (P2PE), which is my personal favorite technology that can completely reshape the merchant compliance framework.

Next week is what I call the "feedback" meeting.  The Special Interest Groups (SIGs) will report on their recommendations.  I will pay a lot of attention to the Cloud SIG in particular.  The ecommerce SIG will report its findings, too (and yes, that'll be me up there for my 15 minutes of PCI fame).  I feel our final report, which should be ready this fall, will be valuable for higher ed institutions.

For it to be successful, the feedback meeting has to also be the listening meeting.  Everyone should be encouraged by the detail the PCI Council provided on each individual piece of feedback they received.  Really: the report was 66 pages long!  Participating Organizations got to see every comment, and they got to see the Council's decision: e.g., whether it was accepted for current consideration, not accepted, or postponed for later consideration.  Every person may not have agreed with every decision, but at least everyone who commented knows they were heard.  It doesn't get much better than that.

Speaking of listening, I'm looking forward to the Associations breakout session.  That is where associations like NACUBO that represent industry segments get together with PCI Council staff and the card brands.  The rules of the game are that much of the content of the Council meetings and deliberations (including the Association meeting) is confidential... what goes on in Orlando stays in Orlando, I guess.  Therefore, a lot of the discussions are not fair game for posting in blogs like this.  To the extent there are things to report, I'll be writing more from Orlando.

Meanwhile, surf over to the interview with Bob and Mike.

1 comment:

  1. I saw the interview, very interesting. Thanks for some more explanation on the subject!
