SWIFT and PCI-DSS: New Approaches Needed for Assurance in a World of Non-stop and New Requirements

At the official start of summertime 2016 in Britain we are starting to consume the labor of last autumn: five gallons of alcoholic homemade cider (yum!) made from eight apple varieties grown in my own and my neighbors’ gardens. I’m very VERY careful sterilizing glassware, containers, and buckets: there was this unfortunate incident three years ago (no, you don’t want to hear the horrible details); suffice to say I watch each step like a hawk to ensure a batch does not become tainted.

Why am I bothering you with my alcoholic side-line?

The latest version of the Payment Card Industry Data Security Standard (PCI-DSS) framework arrived at the end of April with a loud thud, and a fair amount of “OMG!” content for anyone processing credit or debit cards worldwide.

During the four long weeks of May 2016 the Society for Worldwide Interbank Financial Telecommunication (SWIFT) was hammered by its member organizations, the worldwide press, national central banks and infosecurity commentators to begin a major change in its security posture, after more than 100 million US dollars was defrauded from banks in Asia, Africa and South America.

As I understand it, hard cider cannot be sold in the USA unless it is pasteurized. In the UK non-commercial homemade cider is usually straight from nature. After ten years of practice (so a fair track record of not poisoning my neighbors) a bottle or two this year will be entered at my village’s Produce Show for competition in September. It is nice when friends say they like what you make; it is a whole other ballgame submitting to formal judging, with a hope of an RHS Class certificate and/or silver trophy if you win.