PCI is becoming a standing item on many IT conference agendas. Are any of us 100% confident that we are compliant? Are you, like me perplexed by the seemingly impossible twists and turn that PCI requirements force us into. Can you reduce scope to managable proportions or are you increasing scope through such activities as telephone call monitoring.
This is a topic that really seems to give IT departments a bad name. Departments seem to class PCI as an "IT" requirement, which of course it isn't.
At the UK user conference we'll be having a discussion on the whole topic of PCI. If you have anything to contribute, from a brilliant, silver bullet solution or an insoluble dilema then please come along.
Contact me if you want to discuss this.
Thanks,
Chris