Sign up to save your podcasts
Or
Share Episode 69 - PCI Standard Technical and Geographic Evolution - Troy Leach
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Episode 69 - PCI Standard Technical and Geographic Evolution - Troy Leach
Episode 69 is all about how the PCI Security Standards Council is responding to changes in security technology and how it is expanding its role and technology coverage across important new geographies. If payment security is on your screen, join Glenbrook's George Peabody, partner and host of Payments on Fire, and Troy Leach, CTO for the PCI Security Standards Council as they discuss standards under development like PIN Entry on COTS, other new tools to mitigate data breach risk, and the Council's work in Latin America, Asia, and India.
A little background...
We don't need any more evidence for how difficult data security is. In payments alone the number of system components is so high that hardening them all has been functionally impossible. But we're are making progress. There's EMV. Data devaluation through encryption and two forms of tokenization - security tokens and payment tokens - reduces the amount of hack-worthy information available.
Guiding, steering, nudging, and corralling the payment card ecosystem toward stronger security is the PCI Security Standards Council. The PCI SSC has developed a 12 step standards program for the secure treatment of payment card data that goes well beyond data devaluation. Various enterprises looking to protect their own data assets, not just card data, use PCI DSS to guide their security program.
The Council's activity is expanding along with the threats we face. As technologies emerge that benefit security, the Council considers how to employ and deploy them. For example, the Council has a certification program for the token service provider function that handles payment token vaulting and other life cycle management tasks.
Another example is its soon to be released PIN Entry on COTS standard. Commercial Off the Shelf (COTS) devices include the smartphone that's by your elbow or in your hand right now. The standard makes clear that, with the right card acceptance hardware, PIN entry via a software-driven screen, rather than a physical encrypting PIN pad, is secure.
As you'll hear on the podcast, this is an exciting time in payments security development. Broad deployment of many important tools will take many years. That's the real news. As they come online, however, there's already reason for optimism. We just have to use what we have and get others to do the same.
View all episodes
By Glenbrook Partners, LLC
4.8
4040 ratings
Episode 69 is all about how the PCI Security Standards Council is responding to changes in security technology and how it is expanding its role and technology coverage across important new geographies. If payment security is on your screen, join Glenbrook's George Peabody, partner and host of Payments on Fire, and Troy Leach, CTO for the PCI Security Standards Council as they discuss standards under development like PIN Entry on COTS, other new tools to mitigate data breach risk, and the Council's work in Latin America, Asia, and India.
A little background...
We don't need any more evidence for how difficult data security is. In payments alone the number of system components is so high that hardening them all has been functionally impossible. But we're are making progress. There's EMV. Data devaluation through encryption and two forms of tokenization - security tokens and payment tokens - reduces the amount of hack-worthy information available.
Guiding, steering, nudging, and corralling the payment card ecosystem toward stronger security is the PCI Security Standards Council. The PCI SSC has developed a 12 step standards program for the secure treatment of payment card data that goes well beyond data devaluation. Various enterprises looking to protect their own data assets, not just card data, use PCI DSS to guide their security program.
The Council's activity is expanding along with the threats we face. As technologies emerge that benefit security, the Council considers how to employ and deploy them. For example, the Council has a certification program for the token service provider function that handles payment token vaulting and other life cycle management tasks.
Another example is its soon to be released PIN Entry on COTS standard. Commercial Off the Shelf (COTS) devices include the smartphone that's by your elbow or in your hand right now. The standard makes clear that, with the right card acceptance hardware, PIN entry via a software-driven screen, rather than a physical encrypting PIN pad, is secure.
As you'll hear on the podcast, this is an exciting time in payments security development. Broad deployment of many important tools will take many years. That's the real news. As they come online, however, there's already reason for optimism. We just have to use what we have and get others to do the same.
More shows like Payments on Fire™
View all
The a16z Show
1,095 Listeners
The AI in Business Podcast
170 Listeners
Founders
2,173 Listeners
Cold Call
195 Listeners
NVIDIA AI Podcast
332 Listeners
Bold Names
1,447 Listeners
Inside the Strategy Room
172 Listeners
The Payments Podcast
13 Listeners
Payments Nerds
27 Listeners
Leaders In Payments
15 Listeners
Coaching Real Leaders
671 Listeners
Business Breakdowns
350 Listeners
ACQ2 by Acquired
282 Listeners
Think Big, Buy Small
39 Listeners
Cheeky Pint
36 Listeners