• Antitrust Policy Notice: Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role.
• Suggestion by Neil Thomson about educating Governance Stack Working Group on mature governance, compliance and accreditation models in the marketplace to help adopt new standards for ecosystems to adopt
• New Members: Ashley Rhéaume, part of the government of Quebec's team for digital identity, adopting the Trust over IP model 

1. Mary Lacityco-authored academic paper that has looked across disciplines and gathered 13 assumptions about the nature of trust in information technologies https://blockchain.uark.edu/files/2023/06/BCoEWhitePaper2023POST.pdf
2. Drummond Reedannouncement from EU regarding process of harmonizing on the European digital identity wallet. https://www.consilium.europa.eu/en/press/press-releases/2023/06/29/council-and-parliament-strike-a-deal-on-a-european-digital-identity-eid/
3. Scott Perrymentioned new crypto egulation for companies that participate in crypto assets in the EU and his Aug 4 webinar focusing on crypto assets market in the US & EU
4. Judith Fleenor On July 19 All Members meeting Wenjing Chuwill have an AI presentation

Scott Perry Intro 

PCI Governance and Accreditation presentation summarized by ChatGPT:

00:13:52.400 →  00:33:33.669

In this meeting transcript, Sully Perella provides background information on the payment standards and processes. He discusses the development of standards in the late nineties in response to increasing fraud in electronic transactions. Different payment brands developed their own standards, which led to the creation of the Payment Card Industry Security Standards Council (PCISSC). The purpose of this organization is to set and monitor standards for organizations involved in payment processing.

Sully explains that the PCISSC is responsible for validating companies and individuals who can perform assessments and evaluations. They ensure that companies follow specific controls related to networking systems, vulnerability management, coding, authentication, logging, alerting, monitoring, and incident response. The PCISSC remains independent and treats all payment brands equally.

The payment brands, which are members of the PCISSC, play a role in identifying fraud and non-compliance. If a bank or payments facilitator fails to comply with the standards, the payment brands take action by imposing penalties or making decisions about dropping services or increasing transaction fees. The PCISSC is not directly involved in assigning culpability or fees but focuses on maintaining and updating the standards.

Sully also mentions the role of Qualified Security Assessor (QSA) companies and employees in conducting assessments. Companies need to meet certain requirements and undergo training to become QSAs. The PCISSC can audit these companies at any time to ensure compliance.

During the meeting, Sully clarifies that sensitive information is removed from assessment reports to protect confidentiality. He emphasizes that the company is responsible for the work of its employees and discusses the remediation process for companies that do not pass assessments.

Overall, the meeting transcript provides an overview of the development of payment standards, the role of the PCISSC, and the responsibilities of payment brands, QSAs, and assessed companies.