PCI council announces credential plans and new chairperson

The PCI Security Standards Council is planning to introduce a certification that demonstrates a corporation is qualified for assessment.

Speaking to SC Magazine US, general manager of the council Bob Russo said that security practitioners have expressed interest in obtaining one of these credential to illustrate their compliance with the Payment Card Industry Data Security Standard (PCI-DSS).

“A lot of folk wish to have a certification on the end in their business card," he said. However, the council is viewing the certification as a technique for professionals to specific that they understand the intricacies of the 12-step standard for shielding mastercard information, and what the ramifications are for not being compliant.

The certification may be achieved by passing an internet exam and Russo said that the council is probably going to provide a boot-camp-style training course for those wanting a refresher. This proposed new certification has not yet been named.

The council is additionally planning to start out training assessors on tips on how to validate point-to-point encryption products; per Russo people who pass may be listed at the council's website, within the same format as PCI-approved payment applications and point-of-sale devices.

“The spectre of scope reduction is what's driving the merchants and government to purchase these solutions,” he said.

This week the PCI council also announced the appointment of Michael Mitchell as its chairperson for 2012. Mitchell is vice-president of world network operations for American Express.

In his current role he's liable for the secure processing of payment data within the transaction lifecycle, including information security policy, numerous risk management functions and global compliance operations.

He said: “2012 will bring a considerable number of new challenges and opportunities for the council and its stakeholders. From continuing to guage how emerging payment technologies affect the PCI standards, to working with stakeholders to best leverage their insights through our feedback period, this is often going to be a thrilling year.”

Russo said: “Continuing to drive awareness around payment security and providing the resources our stakeholders should implement strong PCI security programmes is a key focus for the council in 2012.

“With Mitchell's extensive industry and management experience and his proven leadership, he brings strong resolve to assist organisations protect cardholder data worldwide.”

Mitchell succeeds Eduardo Perez, head of worldwide payment system risk at Visa, who held the location for the 2011 term.