Coffee with the Council Podcast: What’s New at the Council in 2023 Featuring Lance Johnson

 




 


Welcome to our podcast series, Coffee with the Council. I’m Alicia Malone, Senior Manager of Public Relations for the PCI Security Standards Council. Today, we’ll reflect on the accomplishments of 2022 and look ahead to what 2023 will bring at the PCI Security Standards Council. My guest for this episode is Lance Johnson, Executive Director at PCI SSC. Welcome, Lance.


Lance Johnson: Hi, Alicia. Welcome to 2023.


Alicia Malone: Well, 2022 was a big year for the PCI Security Standards Council. We released PCI DSS v4.0. We retired the PA-DSS standard. We even released a brand-new standard, Mobile Payments on COTS (MPoC). But there were other major accomplishments, too. Can you give us a little recap of what was accomplished in 2022 and how that positions the Council for the year ahead?


Lance Johnson: Well, I’m glad you asked that question because there was so much we did in 2022 and it was so important. Effectively, everything that you just said really set the stage for some of the major successes. PCI DSS v4.0, Mobile Payments on COTS, all of those things were really the continuation of the foundation of what we do. But, as you just stated, there were some significantly new areas as well.

In 2022, we did a reassessment of the engagement model that we have used for a number of years. And what we have come to is recognizing that the real core of what makes the Council work is the broad range of participants. And what we’ve decided and have now implemented at the end of 2022, going into ’23, is that we are going to completely reimagine how we leverage the contributions of all of our participants. It is a fundamental reassessment. We’re actually calling it the third phase of the Council, where we’re looking to the industry to help us drive what the key elements are that we need to be doing. First and foremost, in that is that we’ve changed how we look at our participant model.

Historically, we’ve had one type of organization model. Now, we have expanded that to three. And with those three, what we’re really trying to do is expand the opportunity to be involved, expand the areas that those organizations can participate in and contribute to. In particular really, the key element is for the Principal participant, which is brand new, and as of this year, it will have a much greater access and input on some of the strategic direction of the organization. Our Associate membership really is the lifeblood of what we have been and will continue to be. Those are the organizations which had been with us for years and continue to support us and represent the needs of the industry. But we’ve added something new, which is the Individual participant, which means that anyone can now be part of the organization and those are really significant changes. They’re going to define the profile and the nature of the work that the Council does in the future, and really start to change the very image of how the Council impacts the industry and impacts the needs of all of the organizations that work in the industry.


Alicia Malone: So, as we start 2023, one of the first major initiatives will be the nomination of our new Board of Advisors, which begins in February. Tell us a little about what’s different this year in terms of the Board.


Lance Johnson: Our participants (Associates, Principals and the Individuals), as I said a moment ago, they are the heart and soul of what makes our work successful. We exist because of what they bring to the table. The new BOA, which is really one of the fundamental ways in which the information from all of these participants is presented and refined within the Council, is a reflection of the old BOA, builds off of it, but does a couple of key things that are really important and exciting.

First, we’re going to effectively double the size of the group to introduce new participants, to get some of the organizations which previously might not have been part of it, and to get those voices around the table so we can have a broadened discussion on a number of new areas that might not have been part of the agendas in the past. With that though, we’re actually looking at also doing something entirely new, which is we are looking to this organization, this Board of Advisors, as providing that key element of approval to the work that we do. Historically, as Advisors, they would guide, they would instruct, but now what we’re doing is we’re adding a third element and we’re asking them to actually approve the work we do. Any major work item that comes out of the standards area, like a standard that has a major revision, those will all be submitted to the Board of Advisors, discussed, debated and approved by the Board of Advisors before they’re published. And that is what we’re hoping really drives some new activity within that group. That is one of the reasons that we wanted to expand the size so we get the discussions more dynamic and more engaged across a broader range of subjects. And it’s really going to be an interesting opportunity for the Council to start listening to new issues and new areas that we may have missed before.




Alicia Malone: Also new this year is the launch of two new initiatives, the Global Content Library, and a new Jobs Board for our industry. What can you tell us about these?


Lance Johnson: So, let me take the first one. Our Global Content Library is a major step forward. We do a tremendous amount of work in presenting information to the industry. But a couple of the areas that we actually do extremely well, particularly around our Community Meetings, have the very experts from the industry talking. So, with the Global Content Library, now that we’re fully recording everything and looking at things in a much more broad perspective, we’re taking that and we’re putting it into a format that allows anyone from that point forward to go ahead and review it again. Or people who didn’t have the opportunity to attend, either in person or remotely, to look at what was said. Obviously, we have a number of concurrent streams that go on in some of these meetings. So, they can’t be in two places at one time. So now they can go back, and they can actually see what was said in some other areas. So, the Global Content Library really is a fundamental expansion of our capabilities of providing that information and that content to everybody on a long term basis.

The Jobs Board is really our first effort to look at how do we address one of the fundamental issues that the industry is facing. Like everyone else, technical skills and individuals in the cybersecurity area are a key problem. While we do a lot of training, we’re looking at ways that we might be able to facilitate more resources becoming available. Our first step really is in this Job Board and just giving people a clearinghouse and an opportunity to say, “Here’s what I need,” or “Here is the skillsets that are important to us as an organization and we’re hiring.” So that you don’t have to go and try and figure out what is an organization doing in this particular area of payment security. They’ll be able to go to our site and look at it and say, “Ah, these organizations have a need, I have the skills, and let’s see if there’s something here for that.”

Like I said, this is a very initial step in this area. I don’t know how it’s going to play out, but the first indications from people who have talked about the concept with us from the industry, they’re very excited about it and they want to see it grow and be used more actively. So those are the two basic items going into 2023, but I’ll just say they’re really only the first steps. We have a lot more coming in the future.


Alicia Malone: In terms of standards and programs, what will the focus be this year?


Lance Johnson: So, Alicia, a moment ago you talked about PCI DSS v4.0, and you talked about Mobile Payments on COTS and some of the other areas that we put a lot of effort in in the past. I think 2023 and going forward is going to see a lot of the same. PCI DSS v4.0 is still a work in process. The standard has been produced. People are now starting to apply that to their domains. We still have a lot of training that we need to do around that. So, there’s going to be a lot of work to make PCI DSS v4.0 understood and applied as organizations are starting to adopt it. So, there’s still all of that. PCI DSS v3.2.1 is still there as well, and that needs to continue to be supported.

The mobile and software area, that’s the pointy end of the effort right now, where the industry is really focusing on how to better use software, how to look at mobile and use the dynamics that mobile has introduced into payments to ease the friction for consumers to make payments and to do transactions. We have some standards in that area. You mentioned that MPoC has just been released, v1.0. We need to do more. We need to be looking at more areas where we can do more standards around software. We need to be looking at additional items that we could be looking at with mobile. And how does that change the dynamics of the industry? I don’t know yet, but those are the areas that we’ll be focusing on.

However, the Council has been a success by making sure that people have the tools that they need to protect payments in all of its forms and in all of its environments. So, everything that we have done remains. We continue to do it. So, if it’s a PTS POI device or if it is Card Vendor, or if it is any of the other areas that we have had extensive work done in the past, nothing gets left behind. Everything continues to work and can be supported. So, the future isn’t about going forward and leaving stuff behind. Where that’s necessary, such as PA-DSS, we can do that. But in most cases, it’s really about adding new things and not leaving anything behind because it’s still basic, necessary, and important to the participants in the industry.


Alicia Malone: The return to in-person Community Meetings was a highlight last year. How did those go, and what can we expect from the Community Meetings this year?


Lance Johnson: You know, the thing about the Community Meetings this past year is there was such a pent-up demand, and everybody was excited. I can tell you definitively that the meetings that we had, they went exceptionally well. It was exactly what the industry had been asking for, precisely the type of information and interaction and opportunity to share and learn in person that everybody had been demanding. But it is also where we introduced some of the learnings that we had gotten over the last couple of years. The very nature of the Community Meetings have introduced new methods of communicating with people, new methods of engaging them. So, we added the simulcasting, which beyond almost any of our expectations was a spectacular hit. Many people used it, even people on site. We have some anecdotal stories of people who had two laptops open and they were watching two streams simultaneously because they wanted to be in both of them while they were going on and they couldn’t.

So, the meetings themselves, overall, they were extremely successful, whether it’s in person, whether it’s simulcast or whether it is in some expansion of that. So overall, they were exceptionally well. They set the groundwork and a very high bar going into the future, but I think as we go into the future, they’re only going to get better.


Alicia Malone: Before we close, is there anything else that you’d like to share with our listeners today?


Lance Johnson: Absolutely. The Council is a growing, dynamic organization which is only a reflection of the needs of its participants. So, we are highly dependent on all of the engagement activities which we do and learning from the very organizations which are using what we provide.

So, for us to be a success and continue to do that, all of the participants, everyone listening, it really is an issue of keeping the dialogue going, making sure that the contributions and the inquiries and the observations continue to come forward. So, it really is a request to stay involved. To stay involved in what you have been doing, to look at the new ways that you can be involved, to offer what you can, to ask the questions where you have a need for help, but to provide your expertise and knowledge that we can then socialize for others to use as well. This is really about a community, and it is about making sure that people stay engaged and provide to the rest of the community and learn from the rest of the community those things they need.


Alicia Malone: Well, thank you so much for joining us on Coffee with the Council today, Lance, and it’s always a pleasure chatting with you.


Lance Johnson: Thank you for having me.






Like what you’ve heard? Subscribe to PCI SSC’s “Coffee with the Council” podcast by visiting any of the following platforms: Spotify, Anchor, Pocket Casts, or Google Podcasts. Coming soon, the podcast will also be available on Apple Podcasts and RadioPublic.
