Interview with PCI’s Bob Russo

Episode #205 of the Network Security Podcast has an interview with Bob Russo, General Manager of the Payment Card Industry (PCI). In case you’re not familiar with PCI, this is from Wikipedia: “standard was created to help payment card industry organizations that process card payments prevent credit card fraud through increased controls around data and its exposure to compromise.” The standard is tiered depending on how many credit card transactions your organization processes. The more transactions you process monthly, the more controls you must implement. We mostly avoid PCI at work by using a punch-out solution where we send customers to a PayPal clone for payment, and therefore we don’t store or transmit any credit card data.

There’s a new PCI standard being released in the fall. The big change is moving to a three-year life cycle vs. the 2-year cycle which has been followed to date. This will give organizations an extra year to implement any changes in the standard. This is also a positive indication that the standard has matured to the point where it is effective at reducing data breaches. Let’s keep our fingers crossed there is not another TJX or Heartland breach occurring as I type this…
