Thursday, November 05, 2009

What merchants want from the PCI DSS

More interesting stuff from the recent X9 meeting. In this case it relates to what merchants want to help them comply with the PCI DSS. At least this is what the merchants who attended the X9 meeting said that they want.

Apparently merchants don't like how vague the PCI DSS is on several points. In particular, it tells you what you have to do in general terms, but not exactly how to do it. It leaves it to the QSAs to decide whether or not a particular approach is good enough. Merchants don't like this arrangement at all. They'd rather be told more details and have to live with a possibly imperfect solution, particularly if it's one that is guaranteed to make them PCI compliant.

I don't think that we'll see that level of detail in anything from either X9 or the PCI SSC, but that seems to be what merchants want. I have an easy solution for them: they should all buy and use Voltage's SecureData. I'm not sure that I can get the PCI SSC to require all merchants and payment processors to standardize on Voltage's products, but it would certainly make life easier for them.
