PCI Community Meeting – Day 1 at The Listening Meeting
- Wednesday, September 23, 2009, 16:46
- Carousel, Legal & Regulatory
I'm here in Las Vegas with 650 of my closest PCI friends, including Tom Davis of Indiana University (for those of you who forgot, we represent NACUBO, which is a Participating Organization). The PCI Community Meeting - this is the third - seems about twice as big as last year. I guess that makes sense since there are now over 500 participating organizations, 203 QSA firms, 145 ASVs, and 8 PED labs. If I had to give this PCI Meeting a title, it would be "The Listening Meeting." The Council is in its feedback phase, soliciting feedback from all parties on the DSS (and PA-DSS) and how it should be changed, massaged, edited, clarified, expanded, contracted, and otherwise revised. In case you missed it, we are scheduled for the next revision to PCI DSS in October '10.

There were some particularly good sessions today. Let me try and describe each and give you the highlights. The first had Verizon presenting highlights from their 2009 Data Breach Investigation Report. The message reinforced that the threats continue (the role of organized crime; the thriving underground market for card data, etc.) and most companies are not prepared. Not surprisingly, online systems accounted for most breaches, and most companies (continue reading...)