Michael Mitchell, VP, global data security, American Express

Over the past year, there have been a number of breaking news stories on the latest, greatest and most sophisticated threats – from Zeus to Duqu to Flame. All of these scares are enough to keep any IT security professional awake at night. However, while attacks like these are grabbing the headlines, they are still few and far between and have very specific objectives.

Meanwhile, the more widely dispersed attack forms, lurking close to home, pose arguably greater threats to organizations. This isn't an elite hacker in an exotic location. This is the person you hired to make you more secure. The common mistakes behind these threats often come from adding or reconfiguring a system or from other integration failures.

One of the things the Payment Card Industry (PCI) Security Council has done to counter this danger is the development and implementation of the Qualified Integrators and Resellers (QIR) Program. This new program trains and qualifies integrators and resellers that sell, install and/or service payment applications on the secure installation and maintenance of Payment Application Data Security Standard (PA-DSS) validated payment applications to support merchant Payment Card Industry Data Security Standard (PCI DSS) security efforts.

The council is also working to foster greater PCI expertise across the industry with the new PCI Professional (PCIP) training and certification program. Organizations can take advantage of this to better equip their IT employees to support their PCI compliance efforts, while IT professionals can build their skills with expertise in understanding and applying PCI standards for improved payment security.

Which is where you come in. With the move toward EMV adoption (see below) in the United States, the evolution of mobile technology for accepting payments and the promise of new technologies to reduce risk to cardholder data, understanding how to secure payment card data is more important than ever.

Next month, we will be kicking off new groups that provide opportunities for you to get involved in addressing security challenges in the year ahead. Additionally, our European Community Meeting is coming up Oct. 22 to 24 in Dublin. These events are your chance to network with security professionals from across the globe who represent a breadth of vertical industries and issues, while getting the latest on council initiatives, including the point-to-point encryption program, mobile payment security, special interest group projects and timely topics, such as EMV.

»Trouble from inside

According to Trustwave, 76 percent of breaches in 2011 were a result of security vulnerabilities introduced by a third party responsible for system support or development.

»EMV is coming

EMV (Europay, MasterCard and Visa) is a global standard for chip-enabled and IC card capable POS terminals and ATMs for authenticating credit and debit card transactions.

»For more information

You can play an active role in improving payment security today and in the days ahead. The PCI Security Standards Council may be found online here.

»Get involved

To join the PCI Security Standards Council as a participating organization, please click here.


Michael Mitchell is chairman of the Payment Card Industry Security Standards Council.