The Payment Card Industry Security Standards Council is starting its special interest group process a month earlier this year to give participants more time to consider new areas to cover under the PCI standard.
Each year, special interest groups within the council study three major topics in need of more requirements or guidelines. Those three topics are chosen from numerous written proposals submitted from participating organizations.
"This year we tweaked the process to start a month earlier to give our participating organizations and our assessors a 60-day window [to obtain topic ideas]," Bob Russo, general manager of the PCI council tells PaymentsSource.
The PCI Council announced May 24 that it is calling for participating organizations to submit topic ideas starting June 1.
Last year, the council received 35 proposals for consideration as potential topics for 2012 special interest group study. Those were narrowed down to seven, which were discussed at PCI community meetings. The council's more than 600 participating organizations then voted to determine the final three that would be assigned to special interest groups, Russo says.
For 2012, special interest groups studied security aspects of e-commerce, risk management and cloud computing. The groups will report their findings on e-commerce and risk in August and on cloud computing in October. The council will then create new requirements or guidelines based on these reports.
"This is a good opportunity for those in the industry to put their hat in the ring and participate," Russo says.
Those interested in submitting topic ideas can do so through a new submission form on the council website through July 31. Further information about special interest group participation is available on the site (see link).
In following the same routine as 2012, the council will discuss and pare down the submissions in preparation for community meetings later in the year in the United States and Ireland. Participating organizations attending those meetings will vote for the top three topics and establish charters for the 2013 special interest groups.
The PCI council made changes to the special interest group process last year, providing help in organizing meetings, tasks and target dates for the groups to complete their research (see story).
Those changes have helped the council board members receive input from the special interest groups in a timelier manner, Russo says.
As for the coming year, Russo says he never knows for sure what to expect in the proposal submissions, but he has a fairly good idea of what topics stir the most interest based on feedback at various industry meetings and conferences.
"From what I am hearing in the industry, people want more information about the migration of EMV into the U.S.," Russo says.
Mobile payments are also high on the list for more guidance and even though the groups studied cloud computing this past year, Russo says he expects additional aspects of cloud security will come up as a key topic.
"The onus is on us to get something understandable out to the organizations seeking guidance," Russo says.