Security Risk Management (SRM), a leading UK provider of operational risk management services, has today announced that Paul Brennecker will be joining the company as a specialist consultant, in order to advise its clients on PCI DSS compliance and maintenance.
Previously, Brennecker was the PCI DSS Compliance Manager for Barclaycard, where he was responsible for managing the Barclaycard and retailer compliance process and for driving PCI compliance forward for merchants in Levels 1-4.
The PCI Data Security Standard (PCI DSS) was introduced by the payment card industry in response to increased fraud and identity theft involving stolen credit card data. Since June 2007, every organisation that accepts payments by credit card has been required, as a "merchant", to comply with the PCI DSS; the obligation is enforced through the card schemes and the merchant's agreement with its acquiring bank. This affects a wide range of UK companies, including retailers, leisure providers, publishers, various service providers, local authorities and charities.
"We are delighted to welcome Paul to our SRM Compliance team," says Stephen Brown, Managing Director, SRM. "Compliance with the PCI Data Security Standard is a key objective for many of our clients, and Paul's expertise in this area, and in secure payment systems generally, is quite simply second to none. The ability to accept electronic payments is becoming increasingly important for many businesses, and we are therefore very happy to have Paul onboard in order to further enhance our expertise in this area."
SRM will benefit from Brennecker's extensive experience at Barclaycard as a Technical Consultant and as manager of the company's Electronic Point of Sale testing lab. During this time, Brennecker worked closely with both Visa and MasterCard in raising awareness of the PCI standard, and spoke at numerous security forums. He has also assisted many large corporations and software houses in the development, testing and implementation of secure retail payment systems.
Prior to his departure from Barclaycard, Brennecker was also deputy chairman of the APACS 70 maintenance agency, where he assisted in writing new payment data transfer standards. He has worked extensively with the EMV standards to develop and test Chip and PIN capable devices, and has presented to a variety of security forums and vendor groups.
"These are challenging times for anyone who regularly deals with electronic payments, but that also means it is an exciting time to be joining SRM, since together we can work to improve security in this important area," says Paul Brennecker, Security Advisor, SRM. "PCI DSS will continue to be of vital importance to a wide range of companies, and SRM is well placed to offer advice not only on the procedural aspects of secure electronic payments, but also on the project and programme management components for any businesses who are seeking PCI DSS compliance."
Many companies are currently in the process of implementing PCI DSS within their environment and are finding the complexity of the requirements difficult to manage. As with ISO 27001, PCI DSS has far-reaching implications that extend well beyond the technical and operations teams. Employee vetting and security awareness are areas that must be addressed in order to comply with current security standards, and SRM has the capability to address these needs in-house. SRM is also able to offer IDS/IPS management and has extensive experience in assisting with the creation of Information Security Policies. With these skills already available, extending the service offering to include a full PCI DSS Compliance Programme was a natural progression.
The SRM PCI DSS Compliance Programme includes:
- Assistance with the creation and maintenance of an overall PCI DSS project plan.
- Highlighting any potential blockers to the project.
- Prioritisation of key tasks.
- Assistance with the construction and implementation of the remediation plan.
- Liaison with the appointed QSA / ASV.
- Assistance in the support and delivery of the project.
- Complete management of the staff vetting process.
- Assistance with the inception and application of an Information Security Policy.
- Staff security awareness training.
- Business incident management and continuity planning.