Archive for April, 2021

21
Apr
21

No 2021 Community Meetings

So much for getting together this year for a PCI Community Meeting anywhere in the world.  The Council sent out an email on Wednesday, April 21, that explains what will replace those events.

“PCI SSC is excited to announce the most important global online event for the payment card industry. New this year, the PCI SSC Global Community Forum will bring together industry experts from all over the world to share the latest in information security, update you on changes to PCI standards and programs as well as provide opportunities to network with peers. The PCI SSC Global Community Forum will take place online from Tuesday, 26 October – Thursday, 28 October.
This global online event held over the course of three days will include all the things you expect from PCI SSC events – important Council updates, regional insights, opportunities for feedback, networking, and fun engagement activities. Given the uncertainty of travel and international border restrictions, the Council has made the decision to offer this online event with dedicated days for each region presented in local time zones and cancel its 2021 in-person Community Meetings in North America, Europe, and Asia-Pacific.
Global Community Forum speaking submissions are still being accepted through Friday, 23 April at 11:59 PM EDT.”

Hopefully we will all get together in person sometime in the future.

01
Apr
21

There Will Be No PCI DSS v4

In a brief yet bold announcement, the PCI Security Standards Council today announced that the card brands have come to an impasse and cannot agree on key provisions of PCI DSS v4.

Council Communications Director, April Fools-Day, states in the Council’s Blog post that, “The card brands have tried and tried to work through their differences on key parts of the new version of the PCI DSS, but their differences have been unable to be resolved.  As a result, the Council has been informed that we will need to go back to pre-Council times when each card brand had their own security compliance program.”

An anonymous source from American Express stated that, “We fully expect to have our security program issued in a matter of days.  We were happy with where version 4 was headed, and we intend to publish that program with only minor revisions.”

A source from Visa USA who insisted on anonymity because they are not allowed to officially speak about the matter stated, “Version 4 as it existed was not an advancement.  Too many loopholes in the work program.  It wasn’t about to advance security of card data and was taking us back to the dark ages of information security.”

A Mastercard spokesperson stated, “What Visa said.”

Spokespeople for Discover and JCB had no comment on the news.

Dr. Brandon Williams, a known critic of the Council stated, “It was just a matter of time before this all imploded.  I have seen this coming for years.”

Dr. Anton Chuvakin, noted SIEM expert and author of many PCI DSS books, said, “Meh!”

The PCI Dream Team were stunned by the news.  However, after a moment to catch his breath, Art “Coop” Cooper said, “I suppose it was bound to happen at some point.  I just thought it would be decades out.”

It will be interesting to see the reaction to this news as people let it all sink in.  In the meantime, enjoy April the First.




Announcements

If you are posting a comment, be patient, as the comments will not be published until they are approved.

If your organization has a PCI opportunity, is in need of assistance with a PCI issue or if you would like the PCI Guru to speak at your meeting, you can contact the PCI Guru at pciguru AT gmail DOT com.

I do allow vendors to post potential solutions in response to issues that I bring up in posts. However, the PCI Guru does not endorse any specific products, so "Caveat Emptor" - let the buyer beware. Also, if I feel that the response is too "sales-ee", I reserve the right to edit or not even authorize the response.

Calendar

April 2021
M T W T F S S
 1234
567891011
12131415161718
19202122232425
2627282930  

Enter your email address to subscribe to the PCI Guru blog and receive notifications of new posts by email.

Join 2,386 other followers