Every two years, PCI Security Standards Council asks its Participating Organizations to elect its next Board of Advisors. In this election by peers, companies have an opportunity to nominate candidates that they believe will best represent the interests of their organization, industry sector or region. As we enter the fall of 2020, it is election season once again and we begin the process of determining who will serve on the 2021-2022 PCI SSC Board of Advisors.
The 29-member PCI SSC Board of Advisors is elected by the nearly 800 PCI Participating Organizations around the globe and plays an active role in helping in the development and improvement of Standards and Programs at an executive level. As strategic partners, they bring market, geographical and technical insight into PCI SSC plans and projects. Recent Board of Advisors companies have included AccorHotels, Amazon, Chase, Microsoft, PayPal, Shell, Starbucks, Target, Walmart, and The Walt Disney Company, to name a few.
In a recent interview with PCI SSC Executive Director Lance J. Johnson, we asked about the value of the Board of Advisors, why it’s important for organizations to have a voice on the Board, and what he thinks will be the greatest challenge for the incoming Board in 2021.
What is the value of the Board of Advisors to the Council and how do their efforts impact payment security?
Lance Johnson: The Board of Advisors is instrumental in their impacts on payment security in two fundamental ways. First, they represent some of the most influential practitioners of payment security globally. Our Board has been comprised of some of the top Fortune 500 companies for many years and, collectively, they represent multiple trillions of dollars of payment transactions. They have direct interests in protecting payments.
Second, the Board provides advice and guidance on the issues and direction we need to pursue as we develop the standards, tools and support for all users and practitioners. In recent years, the Board of Advisors has been instrumental in contributing to major Council success stories.
For example, the Board was responsible for the Council creating our Qualified Integrator and Reseller (QIR) program to address the industry need to improve installation and maintenance of payment systems. They were also the driving force behind the Internal Security Assessor (ISA) program which trains and certifies people to the level of Qualified Security Assessors (QSA) as practitioners within companies.
Additionally, several standards have been shaped and influenced by Board input including PIN Transaction Point-of-Interaction (PTS POI) and Payment Card Industry Data Security Standard (PCI DSS) 4.0.
The current Board of Advisors has been crucial in providing insight and guidance on a range of issues especially during the COVID-19 pandemic. They raised the issue of online skimming threats, sometimes called “Magecart”, and helped the Council create and distribute special guidance for detection and prevention of online skimming threats. Most recently, many of the special COVID-19 guidance documents and accommodations were due directly to advisor recommendations.
Why should Participating Organizations serve on the Board of Advisors? What is the benefit to PCI SSC and to the PO?
Lance Johnson: The Council is a community and we rely on the members in that community to help educate and guide us. It is so fundamentally important that it is rooted in our Strategic Framework and a core pillar supporting our mission.
The Board of Advisors is the oldest and most important advisory group of participants at PCI SSC. Without them, we lose touch with the real industry issues and fall behind in our ability to support the entire payment ecosystem.
Being part of the Board gives each participant a unique view into what the Council is doing, where we are going and to be the representative that both creates the issues map and helps course correct our direction and efforts.
What do you see as the greatest challenge for the incoming Board in 2021?
Lance Johnson: 2020 has been an historic year for us all. The pandemic and its impacts have changed how we both live and work. For payment security it has meant adjusting to those changes and reacting to challenges like business closures, travel prohibitions and supply chain disruptions.
More than any prior Board of Advisors, the incoming Board will need to actively provide the Council with insight and guidance on the impacts and opportunities these changes create such as the security associated with the accelerated adoption of mobile and remote payments. We will need for each advisor to identify issues and suggest solutions proactively and continuously. Where they see the beginnings of business or technical changes, we must rely on their insights on the opportunities, and guidance on appropriate responses.
Plus, there are several crucial transitions occurring with the Council. PCI DSS 4.0 is in development now. Cloud services, mobile payments and software security have emerged as the critical drivers of change. These will all be areas of focus for the next Board. It is going to be a very dynamic and challenging environment and we need their commitment to helping us understand and stay ahead.
What is your vision for PCI SSC and how does the Board of Advisors help you achieve those goals?
Lance Johnson: Our mission is to enhance global payment account data security by developing standards and supporting services that drive education, awareness, and effective implementation by stakeholders. The advisors are voices for the needs and direction of the industry. Their participation not only sets an example but provides the industry leadership to achieve that mission.
What is the most important thing for a Participating Organization to know when considering serving on the Board?
Lance Johnson: Being part of the Board of Advisors is a commitment. Advisors are expected to contribute as representatives of their companies and of their communities. They will attend meetings, champion their positions and present new thoughts or perspectives to the Council. It is fundamental for the Council’s success to ensure we are hearing from all perspectives in our industry.
What should organizations know about the election process?
Lance Johnson: It is an election by peers. The Board is comprised of over two dozen organizations selected for a two-year term. This opportunity won’t reoccur until 2023, so now is the time to step forward. If you are interested in making a difference, make your interest known. Even if you don’t wish to run for election, please take the opportunity to vote.
The 2021–2022 nomination period runs from 14 September until 26 October 2020, followed by the election period from 9–20 November 2020.
To be elected to the PCI SSC Board of Advisors, you must be from a PCI SSC Participating Organization. Currently, PCI SSC Participating Organizations comprise a global payment security network of nearly 800 companies representing more than 60 countries. If you are interested in learning all about the benefits and opportunities of becoming a Participating Organization, please click on the link below.
Need more information? View this resource to learn more about the opportunities and responsibilities of serving on the PCI SSC Board of Advisors.
View Frequently Asked Questions about the PCI SSC Board of Advisors nomination and election process.