The Green Sheet Online Edition

January 09, 2012  •  Issue 12:01:01


PCI SSC rolls out new SIGs

Editor's Note: For further thoughts on formation of PCI SSC SIGs, specifically the need for a SIG devoted to small and midsize merchants, see "SMBs: Security must become serious," by Bill Farmer, The Green Sheet, Dec. 26, 2011, issue 11:12:02.

In November 2011, the PCI Security Standards Council (PCI SSC) held a first-of-its-kind election. Nearly 500 council members from around the world voted on topics for special interest groups (SIGs) in 2012. The results were: cloud computing, e-commerce security and risk assessment.

These topics were the top finishers on a list of seven issues put before members as possible subjects for SIGs. The seven topics were trimmed from a list of 13 subjects suggested by the PCI SSC community.

SIGs provide an opportunity for member organizations and individual council members to share their business and technical expertise in the global effort to apply Payment Card Industry (PCI) Data Security Standard (DSS) and related security standards to specific industries or technological issues.

SIGs recommend changes, clarifications or improvements to PCI security standards and the programs supporting those standards. Any PCI organization or individual member may take part in a SIG. All are encouraged to join the discussion.

General objectives

PCI SSC General Manager Bob Russo told The Green Sheet the specific objectives for each of the new SIGs are currently being decided. Russo said the council would be more concise about the objectives when the SIGs begin meeting in January 2012.

Generally speaking, the cloud SIG will look at the risks and security challenges of storing cardholder data in a cloud network. "There is a good opportunity here to build on the virtualization guidelines delivered by a previous SIG on the topic earlier [in 2011]," Russo stated.

The e-commerce SIG will help merchants and service providers understand how to work online securely. "E-commerce is a different beast than brick-and-mortar security, so we are excited to explore new best practices and guidance in this area," Russo noted.

The risk assessment SIG will "explore developing best practices and recommend methodology for merchants, service providers and [qualified security assessors] when it comes to performing risk based assessments applicable to cardholder data," Russo said. "Output of this SIG may further the efforts initiated with the council's Prioritized Approach document from several years back and help organizations understand how to mitigate the biggest risk first."

Topics to recycle

Russo said those topics not chosen for SIGs this year would not be discarded. The council will continue to hold these ideas for consideration for future SIGs.

"What has emerged from the SIG process ... is that we know our stakeholders want more on mobile [and] additional guidance on point-to-point encryption and cloud technologies," he said. "While cloud will be looked at in the SIGs, the council is also committed to providing additional guidance to these other important topics."

PCI participation

Russo noted PCI SSC staff members will chair SIGs to help remove bias while pushing the discussion forward and help ensure work is completed on time.

"We have everyone's best interest in mind - our mission is card security - we will ensure that any guidance or output does not cater to one specific group, but benefits the broader payments landscape as a whole," he said.

Russo expressed satisfaction with the interest and participation in the SIGs. "The benefits of having a large participant base (and we had hundreds of companies participate on previous SIGs) is that we have a wide range of industries and perspectives to add.

"The result is a great amalgamation of all of this knowledge that can help aid folks in almost any industry."

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
