Welcome PCI Pal, a new Principal Participating Organization (PPO) at the PCI Security Standards Council! In this special spotlight edition of our PCI Perspectives Blog, PCI Pal’s Chief Information Security Officer Geoff Forsyth introduces us to his company and how they are helping to shape the future of payment security.
Tell us about your company.
PCI Pal is a leading provider of SaaS solutions that empower companies to take payments securely, adhere to strict industry governance, and remove their business from the significant risks posed by non-compliance and data loss.
Our mission is to safeguard reputation and trust by providing customers with secure payment solutions for any business communications environment including voice, chat, social, email, and contact centre.
We are integrated to, and resold by, some of the world’s leading business communications vendors, as well as major payment service providers. Our products can be used by any size organisation globally, and we are very proud to work with some of the largest and most respected brands in the world.
Why did your company decide to become a Principal Participating Organization?
We have been a Participating Organization of the PCI SSC for many years and when we were invited to increase our engagement it made sense. There are many advantages, including being part of the conversations to shape the future of the standards. As experts in this industry, we are pleased to bring our expertise, experience and innovation to the table and demonstrate our firm commitment to data security and compliance, alongside supporting our customers in upholding the requirements of the PCI DSS.
From a personal point of view, I am delighted to have been elected to the PCI SSC’s Board of Advisors this year where I’m able to bring industry, geographical and technical insight to the Council’s plans and projects. I also enjoy the valuable opportunity to network and collaborate with others from the industry, stakeholders, and regulators, as well as share best practices and learning from each other’s experiences, which is very useful.
Which benefits are you most looking forward to as a Principal Participating Organization?
I think the key benefit is our involvement in helping to maintain industry standards overall. Every day, we are working with multi-national brands, retailers, and public sector organisations across the globe to help them meet the latest standards, so it is beneficial to take our real-world learnings as a leader in the payment compliance space, and feed this back into shaping future standards. As we continue to shape the contact centre payments space, we look forward to further sharing our innovation with the wider payments community.
In addition, participation in various working groups and committees within the PCI SSC gives us the opportunity to address specific industry challenges in an open expert forum and contribute to innovative solutions that will benefit the industry as a whole.
Why is it important for companies to get more involved with the PCI Security Standards Council, especially at the Principal Participating Organization level?
For Principal Participating Organization level firms, we are able to access early warning of emerging security threats and vulnerabilities, which will enable us to take proactive measures to protect not only our own systems, but those of our customers too.
What are some payment security topics that you’re interested in collaborating on?
The payments industry is an exciting journey, and there are many topics that we are interested in collaborating on, as a PPO. This includes the Digital Payments ecosystem – with more and more consumers preferring to use mobile wallets, contactless payments, and other innovative payment methods, it’s so important the industry stays ahead of these trends. We’re keen to delve into the security challenges posed by these technologies and how best to safeguard sensitive payment data throughout the entire transaction lifecycle.
There is also Artificial Intelligence (AI) and payments security. Investigating the integration of AI (and machine learning) into payment security processes is very topical, from understanding how AI can help fraud detection and reduction to the use of conversational AI as part of the payments process for contact centres.
Other topics include the implementation of PCI DSS v4.0; here we’re particularly interested in exploring the technical and operational changes required by organisations to meet the new standards, and helping to share insights on how they can facilitate a smooth transition.
Finally, we continue to support organisations in understanding their year-round PCI DSS obligations, and therefore collaborating on comprehensive strategies to help firms maintain continuous compliance with PCI DSS (and other relevant standards) will be interesting to explore as part of the PPO.
Ultimately, we welcome the opportunity to share insights, research findings, and best practices, and to work together towards shaping the future of payments security.