Stay Classy, San Diego!

Cooler weather and horrible flooding seem to be topping the news lately. My thoughts are with any of you who are affected. For information on how you can help, and I urge you all to do so, check out this page on

We just wrapped up the PCI North American Community Meeting in Vancouver last week. Some of you may remember me saying that last year was my last year. Alas, I was mistaken.

That said, I hope everyone who went sends in their feedback. Frankly, I found the content (with the exception of Tim Horton’s talk) mundane and rehashed, almost to the point of being insulting. Next year may provide some relief as it is a release year (yes, PCI DSS 4.0 is but a year away), but be sure to let the folks at the Council know your thoughts on the content, and more importantly, what you want to see.

Here’s what you folks liked the most last month:

  1. The Only Customer Service Script You Will Ever Need. Maybe the economy is heating up? Who knows why this one is still at the top. Regardless, more people inquiring about customer service! Check out this diversion from security that will make you think about how you interact with your customers.
  2. The Definition of Cardholder Data. Yet another powerhouse that is keeping on top of the links. It’s still on people’s minds, probably because they are looking for ways to drop systems out of scope of PCI DSS, or because they are looking at the new eCommerce guidance from the Council. Hopefully this is a good benchmark for you. UPDATE: This post has new information added for PCI DSS 3.0/3.1.
  3. Neutral vs. Agnostic. I love that this post came back. Those of you who know me know my personal war against the word “agnostic” as a reference to a solution that is not dependent on any one particular technology or ecosystem. Check this post out to join my side!
  4. How to make a Mobile Payment App comply with PCI DSS. Mobility keeps coming back, and it’s one of my favorite topics. Especially with the recent findings that the median number of vulnerabilities among mobile apps is six. Your phone definitely has a vulnerable app on it.
  5. Is the Council Trying to Kill the QSA Program? The Council updated the QSA program for the first time since 2008 and added new requirements to qualify. What are your thoughts? Given the challenges companies face in finding good QSAs, does this signal the beginning of the end?

Thanks for stopping by!

This post originally appeared on
