My dear chum Walt has something to say on PCI surveys today. He puts his questions in a very understated way, such is his low-key manner. I can reveal that it was I that was the straw which broke the camel's back however. You might recall my recent whingeing about a NetIQ survey which said that PCI in Europe wasn't being taken seriously, and they could prove it from a pretty small sample.
I was approached by their marketing manager afterwards, and whilst my back was up initially, I have to say he has won me over with his patience and more importantly, his desire to learn what would make it better. We are going to try and increase the sample size in the coming weeks with a new survey, more targeted and less commercially orientated. Hopefully this will have some real value, and maybe even more coverage in The Register again.
Walt has been very helpful in pointing me in the right direction about how to make this survey objective, but something he did say in a mail to me, he didn't put in his post. The gist was that now PCI awareness has been achieved, everyone wants to know what everybody else is doing. This is subtly different from "wanting to learn from each other", which is a very nice way of looking at it.
Maybe that's because it assumes too much and he knew I'd get what he was saying, but it kind of put things in a nutshell for me. What IS everyone else doing. It seems that the more we talk about PCI, the less we want anyone else to know what we've done. Are we afraid that our solutions aren't as good as next door's? Are we afraid they will try and copy our homework? Come on retailers and banks, let's have a bit of care in the community, share the knowledge!