The Schellman Blog

As in nature, many elements function together to support the payment ecosystem, which—as a whole—creates what is our largely digital economy. Of course, due to the sensitivity of the information contained within that ecosystem, some elements are subject to compliance with the PCI DSS security requirements.

One of the latest intriguing developments in the field of artificial intelligence (AI) is ChatGPT—a natural language chatbot that answers questions submitted by a human user. It’s taken off in such a way that many are using ChatGPT to assist in streamlining their writing needs, but how helpful is the bot, really?

In the film classic, Indiana Jones and the Raiders of the Lost Ark, our hero Indy tries to beat the booby trap security in a cave to steal a golden idol. He thinks he’s won when he switches the idol for a similarly sized bag of sand, but then finds he has to navigate flying darts, a dropping wall, and a chasm before he’s through.

If you’re a business that handles credit cards and other data related to digital payments, you’ve likely heard of the Payment Card Industry Data Security Standard (PCI DSS), or the set of interrelated controls designed to enable those handling credit cards and related data to protect the information entrusted to them.

It seems like Apple releases a new version of the iPhone every year these days, and despite all the new iterations featuring similar looks, builds, and functions, there’s always that period where everyone has to get used to the new thing.

Banking regulation has always been a bit of a tennis match—a back-and-forth between more regulation, and then less. Before the shift to deregulation starting in the 1980s, banks adhered to state and federal banking laws, as well as narrow lines of business. After years of phased-in deregulation, the pendulum swung back. Now regulatory and industry compliance for banks includes more rules than ever before: privacy laws, federal trade regulations, non-bank industry regulations, and community impact reporting.

When it comes to payment card security, the secure exchange of data is a well-known security requirement. It should come as no surprise that, for compliance with the PCI DSS standard, you must define how you do that.

When developing software securely, many organizations have traditionally relied primarily on administrative security controls—i.e., policy and procedure documents that dictate change control processes and the different steps that need to be completed to remain compliant.