The PCI Security Standards Council (PCI SSC) recently announced the nomination period for the next PCI SSC Board of Advisors. The Board of Advisors represents PCI SSC Participating Organizations worldwide to ensure global industry involvement in the development of PCI Security Standards. As strategic partners, they bring industry, geographical and technical insight to PCI Council plans and projects. In this post, we talk with 2018 - 2020 PCI SSC Board of Advisor Member Marie-Christine Vittet, Vice President Compliance, at Accor about the role of the PCI SSC Board of Advisors in shaping payment security globally.
What do you see as the greatest challenge to payment security in 2020?
Marie-Christine Vittet: The greatest challenge to payment security this year has been the Covid-19 pandemic. As a company, we massively generalized secure remote access for a greater number of employees who now continue their work from home. For us, compliance must continue as an ongoing process. There is no break for training and operational procedures. We organized our central annual audit remotely this year, due to Covid-19, and managed to successfully renew our PCI DSS compliance for one more year. The pandemic has forced us to discover another way of working on compliance that could endure over time.
How does the PCI SSC Board of Advisors impact payment security?
Marie-Christine Vittet: The PCI SSC Board of Advisors is the guarantor of best practices and trends in this ever-evolving field of payment card security. The collective expertise is there to always ensure a satisfactory level of security in organizations. The Board of Advisors influences the global compliance programs that are essential for companies to enforce the PCI DSS requirements. Our field functions provide an excellent representation of the different needs and sectors of the industry. We report regularly on our progress and remain agile against new threats.
Why did you run for the PCI SSC Board of Advisors?
Marie-Christine Vittet: As a member of the PCI SSC Board of Advisors, I have been participating and facilitating Council events for several years now and take advantage of these moments to exchange feedback with my peers. We use this information to make internal progress to continuously improve our PCI DSS compliance program and to communicate on strategic issues with the group. I like these regular meetings to keep me current on the PCI Council's news. It is a dynamic and very friendly professional network. It’s a good way to meet security experts without having a conflict of interest. As part of my participation, I support the small merchants working group whose interests I defend in order to facilitate the adoption of PCI DSS in these businesses, which are our hotels. As a result, several colleagues of the company are certified PCIP or ISA. It’s important for our organization to have a voice. One example of how we have a voice is that we have participated in case studies such as the PCI DSS in Practice Case Study: AccorHotels and Vigitrust.
How has serving on the PCI SSC Board benefited your company and your customers?
Marie-Christine Vittet: Serving on the PCI SSC Board of Advisors provides us with several opportunities to have a global impact on payment security. We provide our industry, regional and technical feedback to PCI SSC plans and projects. We ensure that the hospitality sector is represented and involved in the development of PCI Security Standards. We influence the global industry standards that deliver operational solutions for protecting payment card data. Nominations for the renewal of the PCI Board of Advisors 2021-2022 are open and we hope to be here for this new term.
What accomplishments of the 2018-2020 Board of Advisors are you most proud of?
Marie-Christine Vittet: I really appreciate being part of the solution. The PCI SSC Board of Advisors helps to influence guidance in the payments industry, and we have definitely been part of that process this year during the pandemic. I’m proud of our communication to stakeholders through the PCI Perspectives blog, such as the guidance surrounding Maintaining POS Device Security and Cleanliness. This information was very useful to me in adapting our processes and gathering the best recommendations for changes related to the global pandemic. I encourage you all to discover or re-read them to keep up to date.
Also on the blog: Make a Difference: Serve on the 2021-2022 PCI SSC Board of Advisors