Standards body to certify PCI end-user experts

The alphabet soup of security certifications is expected to grow this year when professionals get the chance to show off their expertise in the Payment Card Industry Data Security Standard (PCI DSS).

The PCI Security Standards Council, which manages and drives adoption of the standard, is planning to launch a certification attesting that the holder is qualified to prepare an organization for a PCI assessment, Bob Russo, general manager of the council, told SCMagazine.com on Thursday.

Security practitioners have expressed much interest in obtaining such a credential, Russo said. Part of the reason, admittedly, is for vanity, he said.

"A lot of people want to have a certification at the end of their business card," he said.

But the council is viewing the certification as a way for pros to express that they understand the intricacies of the 12-step standard for protecting credit card information, and what the ramifications are for not being compliant.

"They've been asking about it for a long time," Michael Mitchell, vice president of global network operations at American Express and the current chairman of the PCI Council, told SCMagazine.com.

The certification can be achieved by passing an online exam, and the council likely will offer a boot camp-style training course for those wanting a refresher, Russo said. The certification has not yet been named.

Also this year, the council plans to begin training assessors on how to validate point-to-point encryption products. The ones that pass will be listed on the council's website, in the same format as PCI-approved payment applications and point-of-sale devices.

The PCI requirements do not mandate the use of point-to-point encryption, which cloaks card numbers from swipe to the payment processor or card brand hand-off. But the council has released guidance on how best to implement the technology.

"The specter of scope reduction is what's driving the merchants and government to buy these solutions," Russo said.
