Listen in as we tackle the gritty complexities of risk management within the sphere of Governance, Risk, and Compliance (GRC), highlighting the delicate dance between aspirational security protocols and the more achievable, pragmatic solutions. This discussion takes place through the lens of PCI DSS compliance and examines the interplay of power, liability, and practicality as companies navigate the prescriptive demands of payment card brands. This insights highlight the complex layers of risk management, unearthing the tug-of-war between what's ideal and what's doable in the world of Governance, Risk, and Compliance.
This narrative goes beyond mere compliance checklists; it's a candid exploration of how risk is offloaded to merchants and service providers, and the implications that have for everyone involved. Drawing from years of experience, I dissect the underlying motives of payment card brands and the resulting security awareness inadvertently driven by the PCI SSC. We grapple with the economic and social impact of technological changes, understanding the unintentional yet significant consequences of comprehensive system overhauls. By the end of our discussion, you'll have a richer appreciation for the nuanced realities that govern our transactions and the innovative thinking required to navigate this ever-evolving landscape.

For show notes, please visit The GRC Podcast website.
Sign up for our Bi-Weekly Newsletter