Increasing industry participation and knowledge is a core pillar in the PCI Security Standards Council’s strategic framework, which guides how the Council achieves its mission and supports the needs of the global payments industry. To round out our Q&A blog series introducing the framework, we interview PCI SSC Executive Director Lance Johnson on this foundational strategic pillar and how it ties the framework together.
What does the Council’s focus on increasing industry participation and knowledge mean?
Lance Johnson: Collaboration is central to the Council’s mission. As illustrated with the orchestra video at the PCI Community Meetings this year, securing payment data is not a solo act – it takes a community.
This collaboration happens when the payments industry is involved and participating in the work we are doing. It takes organizations around the world lending their input and perspectives to the standards development process. It takes people from small companies and large companies using PCI SSC Programs and training to build and share knowledge for understanding and applying security standards and best practices.
Growing this collaboration through greater participation and knowledge is key to delivering on our mission, and it is foundational to evolving security standards and validation, securing emerging payment channels and increasing standards alignment and consistency.
How is the Council’s focus on increasing industry participation and knowledge shaping PCI SSC initiatives?
Lance Johnson: This focus on industry participation and knowledge has always been a part of Council activities, but it is now more important than ever. It is the driver for the Council’s recent creation of a new department within the organization that focuses on stakeholder engagement.
The stakeholder engagement team will gather industry insight and intelligence from the payments community to improve and evolve PCI Standards and Programs. This group will also focus on providing information and resources to support effective implementation and adoption of our standards and programs.
As I mentioned above, growing industry participation and knowledge sharing is foundational to our efforts to develop standards that are aligned and consistent and that match the needs of the payments industry. There are a number of initiatives we’ve introduced to help foster this collaboration.
For example, we’ve made improvements to the Request for Comments (RFC) process to make it easier for PCI SSC stakeholders to influence the development of PCI Standards that impact them. This year alone we conducted 6 RFCs for both existing and new PCI Standards, including PCI Data Security Standard Version 4.0 (PCI DSS v4.0). In total, stakeholders provided more than 4,500 individual items of feedback during these RFCs. We plan to expand the use of RFCs in the future as we look to engage our stakeholders more actively.
We have also established focused efforts in the growing markets of Brazil, India and Japan, as well as stakeholder engagement channels like the Regional Engagement Board and the Global Executive Assessor Roundtable (GEAR), all aimed at increasing global participation across the payments ecosystem.
How does the Council’s focus on increasing industry participation and knowledge ultimately benefit the industry?
Lance Johnson: By contributing their insights, perspectives and knowledge to the Council’s efforts to secure payment data, global payments stakeholders will benefit from better standards and more comprehensive sharing of resources that reflect and address their needs and challenges.
Any final thoughts on this topic?
Lance Johnson: As innovation and evolution change payments, to achieve our mission, the Council must be equally flexible and evolve. And to do this, we need the ongoing involvement of payments industry stakeholders, guiding the development of our standards and helping foster greater payment security knowledge and understanding.
I’m so appreciative of all the organizations and individuals who have participated in our efforts to secure payment data globally, and I’m excited about continuing to build and expand upon this collaboration.