Just got back from London (and I feel fantastic!), and they are really taking an interest in PCI. I found it very interesting that many of the Big 4 are still heavily involved in providing advice about PCI even though they are not Qualified Security Assessment Companies. The funny thing is that the UK seems to be where the US was about three years ago. Still in the discovery phase, and not a ton of C-level attention yet. Until Visa, Inc. puts something like the Compliance Acceleration Program in place over there, it will likely have a very slow adoption rate.

Hopefully Visa will give people at least 24 months notice, and the banks will over-communicate with their merchants so there is not a huge panic 6 months before the deadline.

This post originally appeared on BrandenWilliams.com.