Welcome BT Group, a new Principal Participating Organization (PPO) at the PCI Security Standards Council! The Council’s Participating Organization program enables global collaboration by bringing together industry leaders to strategize about how to protect payment data from the latest threats and to anticipate the needs of an ever-changing payment ecosystem. In this special spotlight edition of our PCI Perspectives Blog, Simon Turner, Senior Manager, ISSCA Consultancy Services at BT Group introduces us to his company and how they are helping to shape the future of payment security.
Tell us about your company.
Simon Turner: BT Group is a multinational telecommunications company that provides a range of communication services including broadband, mobile, and telephone services to customers in the UK and worldwide. The company operates under several brands, including BT, EE, Openreach, and Plusnet. BT Group also offers IT services such as cloud computing, cybersecurity, and managed network solutions for businesses. In addition to its core telecommunications services, the company has a presence in the media and entertainment sector, offering TV and sports content, as well as virtual events and production services. With a commitment to innovation and investment in cutting-edge technologies, BT Group aims to connect people and organizations, transforming the way they communicate and collaborate.
Why did your company decide to become a Principal Participating Organization?
Simon Turner: As a merchant that handles payment card transactions from its customers, BT decided to become a Principal Participating Organization at the PCI Security Standards Council (PCI SSC) in order to be part of the conversation surrounding the security of payment processing systems and protection of customers' sensitive payment card data. Additionally, BT also acts as a payment solution processor for a number of its customers where it can enhance the customer’s service.
As a PPO, BT Group will be able to share its expertise with other organizations that are seeking to comply with PCI SSC standards. Additionally, being a PPO provides BT with access to a network of experts and stakeholders in the payment card industry. This will allow BT to stay up to date on the latest security threats and best practices, and to collaborate with other organizations on security initiatives.
Overall, BT's decision to become a PPO was driven by a desire to ensure the security of its payment processing systems and protect its customers' sensitive payment card data, while also playing an active role in the development and evolution of security standards in the payment card industry. By doing so, BT will be able to provide its customers with a more secure payment processing experience and help to prevent payment card fraud and data breaches.
Which benefits are you most looking forward to as a Principal Participating Organization?
Simon Turner: BT are looking forward to being able to participate in the development and evolution of PCI DSS, providing feedback on the effectiveness of existing requirements and suggesting new requirements to help strengthen payment card data security. We're also excited about the possibility of inclusion in other payment ecosystems in the future. Being a PPO will grant BT greater understanding of the rationale for, and allow BT to play its part in, the evolution of current and future standards.
We're also looking forward to being able to collaborate with other payment card industry stakeholders, including other merchants, payment processors, and card issuers, to share best practices and work together to improve payment card security. This collaboration can help BT to identify potential vulnerabilities in its payment processing systems and to develop effective security measures to address them.
BT are looking to demonstrate to our customers that payment security is important to us and is embedded into everything we do. We're confident that joining as a Principal Participating Organization will demonstrate our commitment to protecting our customers' sensitive payment card data. This should also lead to increased customer loyalty and retention.
Why is it important for companies to get more involved with the PCI Security Standards Council, especially at the Principal Participating Organization level?
Simon Turner: By becoming a PPO, companies can have direct input into the development and evolution of PCI DSS and related security standards, contributing feedback on existing requirements and suggesting new ones to ensure that the standards remain effective in protecting payment card data against the latest threats.
Moreover, being a PPO provides companies with access to valuable resources and information related to payment card security, such as research, best practices, and updates on the latest threats, which can help organizations stay up to date on the latest developments in payment card security and implement effective security measures to protect against potential threats.
Additionally, PPOs have the opportunity to collaborate with other industry stakeholders, including merchants, payment processors, and card issuers, to share best practices and work together to improve payment card security. Ultimately, involvement with the PCI SSC at the PPO level can help companies better protect their payment processing systems and sensitive payment card data, increase customer trust, and ultimately benefit the entire payment card ecosystem.
What are some payment security topics that you’re interested in collaborating on?
Simon Turner: Three of the topics I'm interested in collaborating on are:
- Emerging payment technologies - With the rise of payment technologies like mobile payments, digital wallets, and contactless payments, it is important to stay up to date on the latest security threats and best practices for securing these payment methods.
- Tokenization, encryption, and data anonymization are three critical security measures for protecting payment card data, and collaboration with other stakeholders can help identify the best practices for implementing these measures effectively.
- Compliance with PCI DSS - Compliance with the PCI DSS v4.0 is essential for protecting payment card data, and collaboration with other stakeholders can help identify the most effective strategies for achieving and maintaining compliance, and looking at the challenges others are experiencing.