The 2018 North American PCI Community Meeting is in the books! While there were a number of good takeaways from this year’s meeting, here are two key points I’d like to share.

1. Change

Since the last Community Meeting in September of 2016, over 50% of the documentation on the PCI Council website is new or updated. That’s a lot of change! For most people, PCI compliance is not their full-time job, and keeping up with changes can be a big challenge. It’s important that merchants keep up with the growing list of rules and regulations that the council is putting out.

2. Feedback

The PCI Council emphasized their commitment to taking feedback and using it to make changes. They gave many examples of this, including extending and making changes to the process for accepting feedback. Traditionally, the PCI Council solicited feedback from its participating member organizations and did not involve QSA firms significantly. This always perplexed me, as QSA firms, on average, spend far more of their time on PCI, and (in my opinion) are uniquely positioned to provide valuable feedback to the council in all areas of operations. So, 10-plus years after it was formed, the PCI Council has developed the Global Executive Assessor Roundtable (GEAR) to provide insight from a QSA perspective. I look forward to what changes this new feedback loop will provide the council.

At LBMC Information Security, cybersecurity and PCI compliance are our full-time jobs. Let us help you keep up with the ever-changing world of PCI compliance. Contact us today to learn more!