By Gary Palgon, VP Healthcare Solutions, Liaison Healthcare Informatics
Bob Russo, General Manager of the Payment Card Industry’s Security Standards Council (PCI SSC), asked, “How many of the 1000+ people here were at the first PCI SSC meeting in Toronto in 2006?” and I was one of a handful of people to raise their hands. In 2006, we were only a year into addressing credit card security and we had no guidelines and standards to follow. After 6 years, we have a very technical standard and many guidelines to follow, including encryption, tokenization and wireless environments, among others. That’s the good news.
This year’s conference had much of the “same old”: a review of the currently available documents, some entertainment to keep people laughing, and the introduction and discussion of mobile applications and devices. Good info can be found on the PCI site under Mobile Payment Security Guidelines. The bad news is there’s a lag between what they have made recommendations for and what is happening in the market. No answer for smartphones and tablets (and Square, etc.), just other mobile devices (like PIN/PTS devices)… yet. Hopefully there will be a day soon when they catch up – innovation is happening at a very fast pace.
One of the keynote speakers was Jamie Clark, one of the few people in the world to successfully climb Mt. Everest – complying with PCI is a lot like climbing Mt. Everest for sure.
Have you reached the PCI “summit”?
Until next time,