Page 1 - GS181201
December 10, 2018 • Issue 18:12:01
PCI Council: making payment security accessible, relevant

By Dale S. Laszig

The PCI Security Standards Council (PCI SSC) wants merchants, consumers and service providers to safely transact online, in apps and at stores. Founded in 2006 by American Express Co., Discover Financial Services, JCB International, Mastercard and Visa, the global forum was charged with managing the multifaceted Payment Card Industry Data Security Standard (PCI DSS), which the card brands established in 2004 to perpetuate security best practices across a diverse payments ecosystem.

The remarkable alliance of five fierce competitors underscores their commitment to building a safer payments industry. Together with the council's Qualified Security Assessors (QSAs) and Approved Scanning Vendors (ASVs), the card brand founders govern industrywide compliance. Each has a representative serving on the PCI SSC's Executive Committee, a strategic group that formulates policy and oversees management committee projects, working groups, special interest groups and taskforces. The card brands also enforce PCI guidelines and impose non-compliance penalties when warranted, council members stated.

Through the years, the PCI SSC has produced and guided scanning qualifications, self-assessment questionnaires (SAQs), training, education, and product certification programs. Despite these efforts, it finds that not all merchants and service providers are up to speed on what the PCI DSS is and how to implement it.

Verizon's 2018 Data Breach Investigation Report disclosed downward trending PCI compliance rates, with small and midsize merchants accounting for 61 percent of data breaches in 2017. The Green Sheet asked PCI SSC leaders, advisers and members how they work with payments industry stakeholders to make the PCI DSS accessible and relevant to everyone.

Educational outreach

"Small merchants think of PCI as a form they have to fill out every year," said Ruston Miles, chief strategy officer and co-founder at Bluefin, a technology platform. "And every year there are thousands of security breaches. Many small merchants fall below the radar and don't even know when they're breached."

Troy Leach, PCI SSC chief technology officer, said, "Small business owners are more vulnerable to cyberthreats than Fortune 100 companies, because they don't invest in security and monitoring. We try to engage them and make them aware that using point-to-point encryption (P2PE), tokenization and Qualified Integrators and Resellers (Q.I.R.s) can eliminate a majority of threats."

Continued on page 34