Welcome Block, Inc., a new Principal Participating Organization (PPO) at the PCI Security Standards Council! In this special spotlight edition of our PCI Perspectives Blog, Chanda Mafuka, Block Security Governance, introduces us to his company and how they are helping to shape the future of payment security.
Tell us about your company.
Block, Inc. (NYSE: SQ) is a global technology company with a focus on financial services. Made up of Square, Cash App, Spiral, TIDAL, and TBD, we build tools to help more people access the economy. Square helps sellers run and grow their businesses with its integrated ecosystem of commerce solutions, business software, and banking services. With Cash App, anyone can easily send, spend, or invest their money in stocks or Bitcoin. Spiral builds and funds free, open-source Bitcoin projects. Artists use TIDAL to help them succeed as entrepreneurs and connect more deeply with fans. TBD is building an open developer platform to make it easier to access Bitcoin and other blockchain technologies without having to go through an institution.
Why did your company decide to become a Principal Participating Organization?
Block has served on PCI SSC’s Board of Advisors for more than eight years. When PCI SSC announced the new organizational structure and creation of the Principal level of participation for 2023, we saw it as the next natural step in our affiliation. This kind of structure makes sense for taking PCI SSC forward and creates an opportunity to influence standards development in a way that benefits the greatest number of participants in the payment ecosystem.
Which benefits are you most looking forward to as a Principal Participating Organization?
Block is keenly interested in the ability to expand our participation opportunities with PCI SSC in more meaningful ways. Specifically, being able to join the Roadmap Roundtable Group and help set strategies for the organization to become more effective over time and align the Council’s activities with the path of technology development is a significant value. Additionally, joining the Technology Guidance Group and helping proactively develop and shape PCI standards is key to the evolution of the requirements. Block has always been a contributor to PCI standards development through providing feedback during the Request for Comment cycles, but that is addressing change reactively. Having a seat at the table for the development of the standards allows us to contribute a unique perspective as an organization that is subject to so many of the PCI SSC standards (e.g., PCI DSS, PCI PIN, PTS Device Approvals, SPoC certifications, etc.).
Why is it important for companies to get more involved with the PCI Security Standards Council, especially at the Principal Participating Organization level?
The success of a standards organization is largely dependent on its members and the widespread adoption of the standards it publishes. The most effective organizations create standards in partnership with their members - ensuring that requirements are applicable in real-world situations and not just lab environments. Getting involved with PCI SSC and joining at the highest level possible is the most direct path to that kind of partnership.
What are some payment security topics that you’re interested in collaborating on?
Block participates in almost every aspect of the payment ecosystem. We are interested in continuing work with PCI SSC in areas that are seeing fast-moving technology development and changing business models. For example, there is still much work to be done to right-size the standards associated with mobile device security. Additionally, there are opportunities to address how traditional security controls may be considered in software-based environments as the reliance on cloud-based solutions/services continues to increase.