PCI Blog - Compliance Demystified

CPISM certification empowers merchants

Congratulations to Walter Conway for his CPISM certification.  If you are not subscribed to his blog, please do so, especially if you are interested in Higher Education.  Rob is also one of the blogs that is syndicated via the Society of Payment Security Professionals.

The reason I congratulate him is because he has been working for years to do exactly what we do: educate and empower people about PCI compliance.  My mantra has always been to bring our expertise and education to empower those “across the table” from their auditor.  Have you ever felt frustrated because one auditor tells you one thing and another tells you something else entirely?  Perhaps this is just their variance in interpretation of the standard or personal risk tolerance.  The problem is that if you re-engineer your environment every time you get a different auditor you may go bankrupt!

So what can people do to learn what their auditor knows?  How can people empower themselves to understand the payment card industry so they can speak about it knowledgeably?  I’m not only an advocate, I’m also a member of the Society of Payment Security Professionals.  They have launched the Certified Payment-Card Industry Manager (CPISM) certification.  This certification and the training for it is geared at educating people about the payment card industry so they can speak with others (i.e. an auditor) knowledgably about it.

Someone called me up today asking about their call center and how one auditor said it was not in scope and another said it was in scope.  They had just finished re-architect their environment to make a secure payments area and now they were looking at re-engineering it to accommodate the requirements of this new auditor.  I told that person that they could always call upon me (as you all can via the email address and phone number on this blog), but that they would feel more confident if they empowered themselves.

It’s like the old proverb, “if you give a man a fish he will eat for a day, but if you teach a man to fish he will eat for a lifetime.”  This certification is meant to empower others to feel more confident about the decisions they make, because they invested the time necessary to learn the nuances of the industry.