Tonight I’m blogging from the PCI Council Community Meeting here in Orlando, FL. Tomorrow we’ll be talking about the new changes in version 2.0 of the PCI DSS audit requirements (set to go into effect in 2011), but tonight was the welcome reception for the 1000 attendees here at the Buena Vista Palace Hotel.
Participation in the PCI Council Community Meeting conference is on the rise. Two years ago there were about 500 attendees from 300 participating organizations – now the numbers have roughly doubled. There are probably two major factors behind this.
One factor is the de facto status of PCI DSS as one of the gold standards of information security. When five competing credit card companies came together in 2004 to publicly agree on a single security standard, there was much rejoicing throughout the industry. And the standard has held up: though major releases have come every two years, the original twelve categories and most of the subcategories remain essentially unchanged.
The second factor is the ever-widening circle of companies that fall under the scope of PCI compliance. Originally it was large credit card processors and retailers, but in recent years even companies that only handle a few dozen credit card transactions a year have had to take notice. And as the scope widens, there are more people who want their voices to be heard in the decision-making process, which is where this week’s conference comes in.
I’ll be posting a few more items about this conference in the next few days – please stay tuned.