Sep 28 2011
When I left Verizon Business, I stuck around all of July for one reason and one reason only: I’d been working with the folks at Verizon for several months to collect all the data we could about the Reports on Compliance we had done in 2010. I like my ex-coworkers, but it was really the fact that I wanted to help finish the report before I left. I’d spent a lot of time in the data collection and it was just getting to the number crunching and writing when I accepted my current position at Akamai. But I’d say sticking around to help write the Verizon 2011 Payment Card Industry Compliance Report was one of the best decisions I’ve made in my more recent history. Other than taking the role as Security Evangelist at Akamai, that is.
I’m not going to dissect the report; I’m still a little too close to it. I will say that I’m worried because there’s a definite downward movement in compliance with the PCI requirements. I’m not sure if merchants are feeling burnout, if QSAs are getting tougher or if something else is going on, but it’s not heartening to see that meeting the requirements is becoming less of a priority for merchants. I wish the report had come out before the PCI Community Meeting so I could have asked Bob Russ and other Council members for some feedback. It might have put a little bit of a damper on the ‘Rah! Rah!’ that was being presented to the crowds.
I used to fight with Josh Corman, saying that while it wasn’t perfect, it had improved the landscape of security. Now I’m not so sure. If compliance with the requirements is on the decline, maybe it’s not even being given lip service anymore. Or maybe I’m reading too much into a year-over-year change; we’ll have to wait until next year to see.