The changes in PCI 2.0 that add flexibility will definitely open the door for more debate and potential conflict, says Aaron Reynolds of Verizon Business. "Most of the clients are really frustrated," he adds. "What most organizations are looking for is really, 'how do I get there, and how can I get there with assurances that I'm not doing all of this for naught and the rug's going to be ripped out from under me?'" Reynolds drills into the benefits and downsides to the new rules in the latest StorefrontBacktalk podcast on security. To listen to the podcast, please click here.
When PCI was created, it was given a massive burden: to come up with a comprehensive set of security guidelines for any business that accepts payment cards, from Wal-Mart down to the two-store Phil's Bait Shop chain. Today, that burden is at the center of a key PCI debate: clarity versus flexibility. Is it better to have concrete requirements, so everyone knows what to expect, or to have more options, so PCI rules can be more easily adopted to a wide range of merchants? It's the topic debated in this week's PCI podcast.