PCI council announces credential plans and new chairperson

News by Dan Kaplan

The PCI Security Standards Council is planning to introduce a certification that demonstrates a company is qualified for assessment.

The PCI Security Standards Council is planning to introduce a certification that demonstrates a company is qualified for assessment.

Speaking to SC Magazine US, general manager of the council Bob Russo said that security practitioners have expressed interest in obtaining such a credential to demonstrate their compliance with the Payment Card Industry Data Security Standard (PCI-DSS).

“A lot of people want to have a certification at the end of their business card," he said. However, the council is viewing the certification as a way for professionals to express that they understand the intricacies of the 12-step standard for protecting credit card information, and what the ramifications are for not being compliant.

The certification can be achieved by passing an online exam and Russo said that the council is likely to offer a boot-camp-style training course for those wanting a refresher. This proposed new certification has not yet been named.

The council is also planning to begin training assessors on how to validate point-to-point encryption products; according to Russo those that pass will be listed on the council's website, in the same format as PCI-approved payment applications and point-of-sale devices.

“The spectre of scope reduction is what's driving the merchants and government to buy these solutions,” he said.

This week the PCI council also announced the appointment of Michael Mitchell as its chairperson for 2012. Mitchell is vice-president of global network operations for American Express.

In his current role he is responsible for the secure processing of payment data throughout the transaction lifecycle, including information security policy, numerous risk management functions and global compliance operations.

He said: “2012 will bring a number of new challenges and opportunities for the council and its stakeholders. From continuing to evaluate how emerging payment technologies affect the PCI standards, to working with stakeholders to best leverage their insights through our feedback period, this is going to be an exciting year.”

Russo said: “Continuing to drive awareness around payment security and providing the resources our stakeholders need to implement strong PCI security programmes is a key focus for the council in 2012.

“With Mitchell's extensive industry and management experience and his proven leadership, he brings strong resolve to help organisations protect cardholder data worldwide.”

Mitchell succeeds Eduardo Perez, head of global payment system risk at Visa, who held the position for the 2011 term.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews