Mar 28 2009
Last week I had a chance to sit down and talk to Michael Dahn and David Bergert to discuss the payment industry in general and PCI specifically. Michael is the CTO of the Aegenis Group and the Society of Payment Security Professionals, and David is the Technology and Development Director for On-Line Strategies. I always enjoy talking with like-minded security professionals, especially when they say “Martin has a good point.”
PCI and the payment industry are always a little hard to talk about because we can’t give specific advice on how to implement technologies or how to solve particular problems listeners may have. Not just because my employer is a QSA company, but also because when you get down to actually implementing PCI, it really depends on your particular environment, and what works for one company will be completely wrong for another company because of minor differences between the two. Which is why we talked about some of the philosophy behind becoming both PCI compliant and secure at the same time.
This is part of a series of discussions with payment industry professionals Michael will be doing over the next few months. It should be interesting to see who he’ll get to talk about the payment security industry and how opinions differ based on what part of the industry they’re in. The Payment Card Industry Data Security Standards (PCI-DSS) are the most visible part of the payment industry at the moment, but they’re just the tip of the iceberg for the industry as a whole.