Welcome to our podcast series, Coffee with the Council. I'm Alicia Malone, Senior Manager of Public Relations for the PCI Security Standards Council. Today we'll speak with Jeremy King, the Regional Vice President of Europe, the Middle East and Africa, for PCI SSC. Thank you for joining us today, Jeremy.
Jeremy King: Hi, Alicia. Delighted to be joining you on this latest edition of the Coffee with the Council podcast.
Alicia Malone: So, tell us a little about your role at the Council and the regions that you serve.
Jeremy King: So, my role at the Council is part of the Education and Engagement team and as the name suggests, I'm working with any and all organizations involved in the payment life cycle. So, from merchants to acquirers and everyone else in-between, and from vendors to assessors. And I also work regularly with bodies and government agencies in an educational role to help raise understanding of the PCI SSC standards and programs and how we are helping secure payment data. As VP for Europe, Middle East and Africa, my area of involvement, as you can tell, is quite clear but also covers a very large area.
Alicia Malone: Yes, that sounds like you have a lot of work to do in those areas and it sounds like a vast region. What is the latest news from the payment industry in those regions? What kinds of trends are you seeing?
Jeremy King: I guess in one word it's change. Massive change. And really a lot of that was driven through the COVID crisis. So, we've seen a huge migration towards contactless payments. In fact, contactless payments are now accepted virtually everywhere, not only in my region, but around the world and we're seeing a strong move away from cash. And this move has also seen merchants wanting to be able to accept payment in more remote locations, as well as provide a more exciting shopping experience in their stores.
Both of these have led to a huge interest in mobile-based payments and this interest is flowing through with our new Mobile Payments on COTs (MPoC) standard which we released at the end of 2022. The same period has also seen a significant change in how the criminals are attacking organizations and stealing data. Again, COVID saw a real change in this with a massive rise in phishing-based attacks as well as an increase in ransomware.
But it's not all bad news. The recently published UK Finance Annual Fraud Report shows, thanks to improvements in authentication requirements and a move toward improved security along with tokenization, a fall in e-comm card-not-present fraud for the fifth straight year in a row. So, we are doing some things right and so is our community.
Alicia Malone: Well, that's great news. What are the opportunities and what are the threats to payment security in your markets and how is the Council helping to address these?
Jeremy King: The release of PCI DSS v4.0 has been very well-received thanks in part to the significant level of involvement by EMEA-based organizations through the Request for Comments (RFC) process. Overall, we have 6,000 comments and that really improved the standard when it was released, but we do face two key challenges. The first is complacency and the second is that the criminals are changing tech. What do I mean by that? Security is an ongoing, continuous process needing time, effort, and resources. If a company thinks that threat levels have fallen, then they may reduce the effort around that and reduce the size of the team and suddenly their level of security drops down and they become open to attack, and that's something none of us want.
And the other even greater challenges are that the criminals are monetizing personal data. So, whilst organizations have taken great care through the adoption of the PCI standards to secure their payment data, they're not applying the same level of due diligence and security to their customers' personal data. And even worse, they see cybersecurity and PCI DSS as separate issues needing separate solutions from separate teams. This is payment security; this is data security. They're both the same. The criminals are just wanting to monetize anything they can steal and, at the moment, it seems to be easier for them to get personal data than payment data.
So, organizations need to get themselves really well set up. Have one team that's focused on security and focus that security through continuing to follow the PCI standard to secure payment data and their customers' personal data. And that way we can really start to drive down the success that the criminals are having and really ensure and build confidence from their customers that they are taking security very seriously. And the best way for an organization to do that is to really play an active role in the Council through our Participating Organization program.
Alicia Malone: And that's a great segue to my next question, Jeremy. Let's talk a little bit about the Council's new Participating Organization restructuring. I know you were heavily involved in that process and in recruiting for the new Principal PO level. How has the restructuring been perceived by stakeholders and what kind of response have you seen?
Jeremy King: This has been a huge change for the Council, and it is one of the really exciting changes that we've introduced. So, with the launch of the new Participating Organization program, we're allowing organizations to play a much greater role in the future direction and focus of the Council. Through our new Principal PO program, it allows those organizations to have more input, more collaboration, and more interaction with the Council.
Payment security is a global issue and providing and supporting global standards requires global involvement. So, our new PO program generates lots of opportunities and thankfully has been taken up globally by organizations who are now playing a much more active role within the Council, and I'm delighted to be seeing that taking place. We've got our first Board of Advisors meeting at the end of June where we'll see all of these new organizations being actively involved and helping to guide the Council. And really that's very exciting because that is going to help generate improved security for all of the global community.
Alicia Malone: On the 1st of June we began the new term for the 2023 - 2025 Board of Advisors, that you were mentioning, for the Council. Can you tell us a little bit about the Board's expansion and what's new this term in light of the overall PO program restructuring?
Jeremy King: Yeah, you're absolutely right. 2023 June is the start of our latest term of our Board of Advisors and it's actually going to be the largest we've ever had. So, we established the Board of Advisors virtually from the start of the Council and it's gradually expanded and increased to create not only 24 seats specifically for our Principal POs, but also to have 30 seats available to our existing Associate POs through the election process.
So, we've expanded the Board of Advisors to increase involvement, not to just try and make it available to a smaller minority group, and that's really important. We want to hear from this broad spread of organizations across our community from all of the sectors and again, that's an important part of the Board is we have representation from the merchants, from the processors, from the vendors to really get that broad input to help guide the Council on some significant issues.
The other major change for this Board is we are actually changing how we operate. So going forward with this new Board, the Board is going to be involved in voting for the approval of any new standard or any major update to our existing standards before they're released. So, this is really giving the organizations involvement and input and it is truly making the Council an open standard body that is going to be improving security for payment data globally, and that is fantastic, and that is really what's getting me excited.
Alicia Malone: So, Jeremy, you're a very busy man at the Council but outside of your day job, tell us a little bit about yourself. What kinds of things are you passionate about and what would you like others to know about you?
Jeremy King: Well, I guess given the size of my area, it may not come as a surprise, but I do like to travel. I think if I didn't, I would struggle in my role. But I have been very fortunate to visit some outstanding citizen countries. I can't tell you a favorite because I go to so many amazing places that, as I go around, I see something beautiful here and something fantastic there so it's really difficult to actually nail it down to one location.
When I'm back at home, actually I like to chill in the garden. I do like gardening. Both my wife and I enjoy the garden and spring and summer bring so much color and joy that it's lovely when I just get out in the garden and just spend a few hours relaxing and just making it look beautiful. And that's what I like to do.
Alicia Malone: That sounds really lovely, and of course I would be remiss if I didn't ask you how you take your coffee, since you're on Coffee with the Council. Or if you are not a coffee drinker, what do you prefer instead?
Jeremy King: As a European, coffee is a big issue and a key part of the day. I do like my coffee strong and black. But I have to say my absolutely favorite coffee has to be coffee served for breakfast in the boutique hotels of Paris. Together with a fresh croissant, there is no better way to start the day.
Alicia Malone: I agree with you, Jeremy. I had a chocolate croissant in Paris, and I've never forgotten it and it's been years.
Jeremy King: Yeah.
Alicia Malone: But it was so memorable because it was so amazing, so I hear you. Well, thank you so much for joining us on Coffee with the Council. It's been a pleasure getting to know you more, Jeremy.
Jeremy King: Thank you very much, Alicia.
Like what you’ve heard? Subscribe to PCI SSC’s “Coffee with the Council” podcast by visiting any of the following platforms: Spotify, Anchor, Pocket Casts, Google Podcasts, or RadioPublic. Coming soon, the podcast will also be available on Apple Podcasts.