- Understanding the alert budget: A security team’s second ledger
- Baldor’s first-ever CIO sets the transformation agenda
- UK Lags Europe on Exploited Vulnerability Remediation
- BreachForums Hacking Marketplace Taken Down Again
- MediaMarkt transforma su modelo de negocio con el foco puesto en la omnicanalidad
Coffee with the Council Podcast: Help Shape the Future of Payment Security as a PCI SSC Participating Organization
Welcome to our podcast series, Coffee with the Council. I’m Alicia Malone, Senior Manager of Public Relations for the PCI Security Standards Council. At our Community Meetings in 2022, the Council announced a significant change to its Participating Organization program. Today, I am joined by the Council’s Senior Vice President of Education and Engagement, Mark Meissner who has been spearheading this effort, and is going to talk about some of these changes over the past couple of years, and how the PO program has evolved. Welcome, Mark!
Mark Meissner: Thanks very much. It’s wonderful to be here.
Alicia Malone: So, let’s start by defining what exactly is the Participating Organization program?
Mark Meissner: Sure, so the Participating Organization program, or the PO program as we call it, is really a way for those who work in the payments industry to have a chance to work with the PCI Council. We’re a standards-setting body, but we have to rely on the feedback and the collaboration of those all around the world who are associated with payments, whether that’s a merchant or a bank or a payment processor or a developer or a vendor. The PO program really allows us to foster those relationships with the key players in our industry through regular dialogue and that dialogue leads to exchanging ideas and feedback and guidance. As everybody knows, the payment industry is changing faster than it ever has with new technology, and the new threats that are constantly emerging, and collaboration within the industry is really key to helping us evolve and keep up with those trends.
Alicia Malone: So, what changed in 2022 when the Council announced a restructured PO program?
Mark Meissner: Well, the most significant change was that we introduced a new tiered structure for participation with the Council. Rather than just joining as a Participating Organization, you now have the option to choose to be either a Principal Participating Organization, an Associate Participating Organization, or even an Individual Participant, which is a new level that we created.
And let me just take a minute to explain the differences between those tiers. So, an Associate PO is very similar to the same level that we always had as a general PO before the program changed. As an Associate PO, you have regular dialogue with key stakeholders in our industry, and you also have the opportunity to provide guidance and expertise on Council initiatives.
The Principal PO program is for those organizations who really want a deeper level of involvement with the Council. The Principal members get access to exclusive strategy sessions that get to participate in our Roadmap Roundtable and our Technology Guidance Group, which helps steer the direction of the Council.
And then the third level is the Individual Participant. And that’s a new level that we created for those individuals who might have some expertise in payments or want to be involved with our organization, but their organization may not necessarily sign up. So, a good example: think about a college professor. There are college professors out there who do studies on payments, who are very knowledgeable about the payments industry, but their university may not necessarily join us as a PO. And so now we’ve opened the doors and given them the opportunity to join as an Individual.
Alicia Malone: So, how much influence do these participants really have on standards development?
Mark Meissner: Quite a lot actually. While we might be a standards-setting body, the PCI Council, we don’t operate in a silo. In fact, quite the opposite. We get a lot of feedback from a range of stakeholders. As a Participating Organization, most POs tell us that the benefit that they like the best is the Request for Comment (RFC) period that they get a chance to weigh in when we ask for comments from the industry. That feedback helps to influence the standards that are developed and how they’re revised and how they evolve.
I’ll give you just a quick example of that. When we were updating the PCI DSS v4, we had three Requests for Comments that went out to our community around the globe and we got over 6,000 comments back, which was really incredible. The industry really did drive the upgrade to that standard. Our Principal POs participate, as I mentioned earlier, in our Roadmap Roundtable Group and that group really determines kind of the future direction and the strategic planning for our standards. And then Principal POs also get to be involved in the Technology Guidance Group, which helps the Council with a lot of proactive technical insight.
Alicia Malone: Collaboration really is so important in the rapidly changing world of payments. How has the new program been received by the industry?
Mark Meissner: We’ve been really encouraged by it. Our numbers have really exceeded our expectations. Nine of the Top 10 Fortune 500 companies have joined the Council. Our numbers for our PPO program have certainly far and away exceeded our expectations. There’s a lot of enthusiasm with the organizations that have stepped up and participated in that group. But we aren’t done yet. We really want to continue to increase our numbers, our Participating Organization numbers, to expand participation. As I mentioned, we are a global organization and it’s a very big world out there and we have a lot of work to do to expand our reach. And as payments and technology change, expertise within the payments industry changes and so we need that expertise at the table with us.
Alicia Malone: And when you join as a Participating Organization, it’s more than just influencing the direction of our standards, right? Tell us a little bit about the benefits that come with joining.
Mark Meissner: Well, absolutely, and we have the full list of benefits for each tier that is available on our website, but I’ll highlight just a couple of the main ones. Some of the most popular benefits include complimentary passes to our Community Meetings. We have some of the best Community Meetings in our industry. This year, our North American event will be in Boston. Our European Community Meeting will be in Barcelona and our Asia-Pacific meeting will be in Hanoi. And you get access to those events, as well as access to our Global Content Library which just has a wealth of information available to you.
We also offer complimentary training and discounts on our training, which a lot of companies highly value. Companies have budgets for training programs, so we offer some training complimentary and other training at a discount, so a lot of our POs view that as a great benefit. And then one of the lesser-known benefits that we really want to emphasize this year, that’s really important for people to know, is almost everyone in our industry requires Continuing Professional Education credits, CPE credits. Most people that have any kind of training needs CPEs to maintain that education and so a lot of people need 40 CPEs a year. The Council is a really terrific resource and a great bargain for CPEs. We offer over 100 CPE opportunities that include things like attending our events or participating in a Task Force or with a Special Interest Group. The good news is so many companies already have a budget for CPE credits and so companies can draw from that budget to join us and have the opportunity to get their CPE requirements. If you’re somebody who needs 40 CPEs a year, you actually can get all 40 of them through the Council. And so, it’s a really good deal and we’re going to be putting out some more information about all the ways people can get CPE credits through the Council. So, look for that on our website.
Alicia Malone: I really love that. Those are some really great benefits and I feel like if you’re going to spend the money anyway, you may as well become a Participating Organization and just get so much more out of it for your money. So, if there is a company or an individual out there who is interested in joining the Council, or at least finding out more about the PO program, what should they do?
Mark Meissner: Well first, visit our website. It’s really a great place to learn more about the Council and our Participating Organization program. If you go to our homepage and go to the ‘Get Involved’ tab, and under that is ‘Ways to Participate’. We also have a really great video available on that page in which current PO companies talk about their experience with the program. So, you don’t just have to take our word for it. Our POs have a lot of great things to say about the ways that they’re allowed to participate. We also host information sessions periodically and we have regional representatives across the world who can speak with you to learn more about the benefits. You can also reach out to me. I’m on our website. I’m Mark Meissner. Please reach out directly to me. I’m also on LinkedIn. Always happy to jump on a call and talk with someone who might be interested in being an Associate PO. But if you want to have a voice at the table and in shaping the future of payment security, really joining as a PO is just one of the best ways to do that. And it also demonstrates your commitment to the industry and your commitment to payment security.
Alicia Malone: So, Mark, since you are on Coffee with the Council, we like to ask our guests how they take their coffee, or if you’re not a coffee drinker, what do you prefer instead?
Mark Meissner: I love coffee. So, I like a good cup of coffee with half & half and a packet of either Splenda or Truvia. My wife and I have gotten into flavored coffees. There’s one, Polar Peppermint, which is put out by Dunkin Donuts which is really good. So, I like that, especially in the mornings with maybe a warm slice of banana bread with a little butter spread on it. That’s a good breakfast.
Alicia Malone: Oh my goodness, that sounds delicious. And now I’m hungry. So, Mark, is there anything else you’d like to add before we wrap up?
Mark Meissner: You know the only thing I’d add is it really is a great time to be involved with the Council. The Council is undergoing a lot of changes. Our Standards over the next two years, almost all of them, are going to have a change or tweaks to them. So, if you want to be involved in the evolution of our Standards and the creation of our Standards, there really has never been a better time than now to participate. And so, I just want to put that message out there, that if you want to be involved, this is the ideal time to join us.
Alicia Malone: Great, that sounds terrific. And thank you so much for joining us today on Coffee with the Council, Mark.
Mark Meissner: Thank you! It was fun to be here.
Like what you’ve heard? Subscribe to PCI SSC’s “Coffee with the Council” podcast by visiting any of the following platforms: Apple Podcasts, Spotify, Amazon Music, Anchor, Castbox, Google Podcasts, iHeartRadio, Pocket Casts, RadioPublic, Stitcher, Audible, Overcast, or Pandora.
