What a Difference a Week Makes!Sep 20, 2007
I was grumbling away last week due to my complete sense of frustration and seemingly isolation in our team's committment to defeating criminal activity online!
What a Difference a Week Makes!
I am sitting in New York City reflecting on my attendance at the first ever global community meeting of PCI DSS (payment card industry data security standards)Security Professionals! The conference was held in Toronto, Ontario, Canada from September 17th through to the 19th!
I came with my list... my long, long list of concerns and issues compiled over the last 4 years due to extreme frustration in dealing with the various card associations and acquirers in terms of not only getting ourselves annually audited to requirements that varied among them, but to those of our customers as well. I was ready to talk and talk during the various sessions offered to us.
What a pleasant surprise not to have to say a thing, because my collegues of which their were many...over 50 QSA and ASV's were in attendance at the event...were voicing all of my concerns and issues. The relief to know that our group of companies were not alone in their concerns and opinions on what had to be done to assure momentum on the road to getting our industry secure and keeping it secure.
These committed security and management professionals from every facet of our industry, Retailers, Acquirers, Payment and Application Service Providers, and Processors from around the world were all as committed and focus as I and my team on getting the job done. They were all committed to working together to getting the job done in a two year time frame. Although that time frame may seem unrealistic to some...after experiencing the level of communication between all related groups including the representatives from the card associations...We can do it...and together, we will all give our best effort to accomplish the goal of 100% PCI DSS merchant compliance throughout the world!
I want to thank Bob Russo and his team at the Payment Card Industry Security Standards Council for putting together a fantastic and informative event. The Council accomplished their goal by showing us their committment to the QSA's, ASV's, and all relavent stakeholders in the quest for 100% secured data. Our customers deserve nothing less than 100%.
One of the problems felt by all within our community was a lack of communication between the Council and Card Association and the field. That issue will be resolved by increased communication through online forums, newsletters and continued global community meetings. That way we will be able to keep you and our customers informed to the latest changes to any aspect of the PCI DSS requirements so that our customers can keep their strategic risk management plans up to date on a proactive basis, versus the reactive basis, that has been the prevalent and in most cases the only course of action available to us.
I came away from the conference with a renewed sense of optimism in the drive to getting our industry secured. I feel a strong sense of victory in our community committment to working together to defeating the criminal activity we are all so tired of fighting. Our unification at the global conference guarantees our success!
Thankyou to each and every one of you for your committment to the sustainable future that we, our children, grandchildren and all future generations deserve!