Holding up his Apple Inc. iPhone, Bob Russo, general manager of the Payment Card Industry Security Standards Council, declares, “This is the most insecure device in the world, and my life is on it.”
The task of providing the right security layers for payment products, especially in the emerging field of mobile payments, is daunting, observers agree.
Russo and brand-new PCI council Chairman Michael Mitchell, who is also vice president, global network operations at American Express Merchant Services, are stepping up the security best practices and services the council offers its 650 financial-services members.
“This is a fascinating time to be in the industry because of mobile technologies,” Mitchell notes.
The Wakefield, Mass.-based council is building assessment services to help banks determine the worthiness of new payment and data-security products. This year’s emphasis is on online and cloud-computing data-security issues.
The group has put together a community of 250 qualified security assessors trained in its payment application data security standard and are authorized to vet and certify that products or services have met the requirements.
“We’re training as many people as want to be certified,” says Russo. “Once a [product or service] is assessed, th
