PCI DSS has joined the list of certainties in life for the retail IT community and there’s no doubt that it’s one of the least attractive projects at the moment.
Despite this, we recently held our 8th PCI roundtable. We run these for customers every three to six months, focussing on what’s going on in the payments and PCI world. I think their success has been due, not least, to the “rules” we put in place the first time we sat down together:
- your meeting
- your discussion points
- your input
- your views
- Chatham House Rule applies
Notes are taken at each meeting and circulated to the BTE PCI LinkedIn forum, but they remain anonymous. As part of my wider role I also try to provide some food for thought at each roundtable, whether that’s updates to standards or where payments and PCI have hit the news.
The good news for me is that our retailers keep coming back; the benefit for them is that they get to talk to each other about what they’re doing and how they’re tackling the PCI DSS.
This time we were kindly hosted by one of our customers and it was another great event. It must be said that their hosting was first class and for that I sincerely thank them; indeed, it took a great deal of pressure off my shoulders as “facilitator”.
The hottest topic remains point-to-point encryption (P2PE) and scope, and to be honest I think it will still be hot until at least the middle of 2013. That is simply because it has taken so long to get off the ground that we will not be clear with any certainty on how P2PE fits with the overall PCI DSS until retailers (and Payment Service/Solution Providers and Service Providers) go through the process. “It’s like going back to PDQs (Process Data Quickly),” one retailer remarked, referring to the terminals provided by acquiring banks; “Yes, but a bit cheaper,” was the response.
Other topics included contactless, NFC and mobile payments; Visa merchant agent and the QIR program; the possible merging of PCI into the Data Protection Act in Europe; and the PCI compliance timelines which loom in 2012/13.
Overall the event must have been a success, or we wouldn’t have agreed to a 9th roundtable in September! Contact me for more information or visit the BTE PCI LinkedIn forum for details.