Editor’s Note: Very Sad News

Written by Evan Schuman
October 28th, 2009

We’re heartbroken to have to report to our readers that our esteemed PCI Columnist, David Taylor, passed away on Tuesday from a sudden heart attack. A private memorial service is being held in New York and Dave’s family is asking for donations to the American Heart Association.

Dave spent much of his time running the PCI Knowledge Base, which he launched after a distinguished career as a Gartner analyst. I personally had the pleasure of working with Dave on many projects, panels and podcasts and found his keen observations and sense of humor to be most rare. He called his shots honestly but went out of his way to be kind. Dave’s column was an instant hit with subscribers, as it gave him a forum for his observations and for his wry take on life. We’ll miss him without limit and the industry has lost one of its brightest voices.


21 Comments | Read Editor’s Note: Very Sad News

  1. Walt Conway Says:

    I, too, was shocked and deeply saddened to hear the news of Dave’s passing. I had the great privilege of working with Dave on the PCI Knowledge base. We did a couple of webinars together, and we spoke just the other week making plans for him to join me at a PCI workshop in the Spring. Dave had an irascible wit, and he never followed our plan/script during a webinar…doubtless to the great benefit of everyone who ever listened! Dave was knowledgeable, professional, and a keen nose for what was real and what wasn’t. Like many others, I learned much from Dave, and I shall miss him terribly.

  2. David Dorf Says:

    Sad news indeed. Dave was a nice guy and did much to help our industry. He will be missed.

  3. Rafael Rosado Says:

    I am shocked and saddened to hear this. May God accept David in His Kingdom!

    Dave had a true passion for PCI (and very vocal as well regarding his opinions). He started the PCI Security Interest Group in Dallas recently as he moved into the area and I was honored to have the opportunity to meet him personally.

    I even saw him recently at the PCI SSC Regional Meeting in Las Vegas and he seemed full of life and energy. Just another demonstration that our time in this life is short and we don’t know the time or moment that we will be summoned.

    Dave will definitely be missed in the industry.

  4. Richard Mader Says:

    David was a gentleman, and the PCI expert. Always willing to share his time and information. He played a key role in the development of the NRF-ARTS PCI best practices and spoke at several of our event.

    Shocked and saddened by this news, he will be sorely missed.

  5. Barb DeYoung Says:

    Dave will be missed for his realistic view of information security and his perspective on what was important. The time we spent talking PCI during a survey convinced me he was an important voice in the efforts to improve the standard. We had a great conversation, with plenty of the humour mentioned above. He will be missed.

  6. Mike Dahn Says:

    I never met Dave in person but we spoke on the phone many times over the years and I’m happy to have known him, even if through distance.

    I know his desire to make this world a better place will be missed. I am very sad to hear about this shocking news. He was a good man from what I knew of him and hope his family the best in this hard time.

    I think you can say his influence in the payment card industry can be seen by his numerous connections and the people who called him a friend.

  7. Della Lowe Says:

    When I heard about Dave’s death this morning I was really saddened. Dave was not only smart and passionate about his work but he was also generous with his time. There was never a time I called Dave for clarification or information on the PCI standard or the retail industry that he did not give fully of his attention and knowledge. He was an important voice and will be missed greatly both as a business colleague and a friend.

  8. Chris Rallo Says:

    I have had the pleasure of working with Dave on several PCI initiatives. He will be missed greatly.

  9. Kenneth Says:

    Worked with Dave Taylor at NRF last year and at Cisco PCI virtual Event. He will be missed.

    My condolences to the family.

  10. Wasim Ahmad Says:

    Very sad, our thoughts go out to his family. We really enjoyed reading David’s insightful analysis. We’ll miss his blog.

  11. PCI Security Standards Council Says:

    All of us at the PCI Security Standards Council are deeply saddened to hear of David’s passing. David was a vocal proponent of strengthening payment security and played an important role in increasing the market’s knowledge of PCI Standards and issues.

    While we did not always agree with his opinions, the constructive and thoughtful debate David fueled helped elevate awareness of the need for improved payment security. His presence in the payment ecosystem will be sorely missed.

    We wish to express our deepest condolences to David’s family, friends and colleagues.

    Bob, Troy, Ella – PCI SSC

  12. Robert Udowitz Says:

    David’s insights along with his quick wit made the PCI Knowledge Base so important to the industry. His contributions will be missed and never forgotten. My heart goes out to his family.

  13. Philip J. Philliou Says:

    What a loss – such sad news. May his memory be eternal.

    Phil Philliou

  14. Charles Crawford Says:

    My compliments, Evan, on your hear-felt tribute to Dr. Dave Taylor. Dave was a good friend of ours at EPX and the entire data security community and leaves a huge void.

    Dave, a long-time Gartner Group senior analyst earlier in his career, became one of the best known and most respected subject matter experts on cardholder data security and, of late, a specialist on emerging technologies such as credit card data tokenization and so-called “end to end” encryption. Dave was an unapologetic “academic researcher at heart.” His public expressions tended to always start with the words “…according to our research…” Yet, the scope of his intellect such that he always took his audience well above the minutiae and spoke clairvoyantly to the trends and meanings of complicated and conflicting information. We enjoyed his strong, pull-no-punches, gadfly opinions and amazed that he could take sides, yet somehow remain so steadfastly unbiased in his analyses.

    Dave’s pioneering resource site,, is his legacy to those who seriously concerned about consumer data security — whether vendors, professional PCI QSAs, CIOs, CSOs or academics. The site is a substantive touch-point for detailed knowledge of PCI – with its illustrious “Panel of Experts” and in depth research reports involving hundreds of thorough interviews conducted over months and years. For his memory, and the community the Knowledge Base served, let’s hope his family finds a way to continue what he started.

    Those who had the good fortune of getting to know Dave a bit on a personal level, found in him a warm and outgoing personality, boundless energy and good humor… a quick wit, and a nice thing to say about almost everyone he knew.

  15. Marcus M Shaw Says:

    I’m one of his High School Classmates. We still communicate among our graduating class of 1970 in Clarksville Indiana on a sight developed for us. His passing has been noted and I’m sure we will remember him fondly for his tenure with us during those times. He will be sorely missed. Thank you all for the kind words you have given him in your industry.

  16. Bill McNee Says:

    I had the honor and pleasure of working with Dave for many years at Gartner Group in the 1990s. He was key member and leader of the research team that helped build the business. I remember him most as a deep expert in eCommerce, business applications and an early pioneer in understanding the importance and value of the internet to businesses of all types and sizes. I am not surprised to read that he went on to be a pioneer in other areas, such as the PCI industry. He had a keen mind, and the ability to cut through the hype and provide great value for our customers.

    But what I most remember about Dave was his wry sense of humor. He built a tight team – and I could tell they all enjoyed working together, in an especially collegial way. He was a mentor to many, and will be sorely missed.

    Bill McNee
    Saugatuck Technology
    and Gartner Alum (1988-2000)

  17. Tyler Hannan Says:

    Rest in Peace.


  18. Branden Williams Says:

    I’m going to miss the lively discussions that he hosted and participated in. The PCI world suffered a huge loss. My team & I want to convey our deep sorrow at this news.

  19. Steve Sommers Says:

    Very shocking and very sad. My thoughts and prayer’s are with him and his family.

  20. Richard Haag Says:

    I am saddened to hear of Dave’s passing. I remember some long discussions with him when he launched the PCI knowledge base. I was very impressed with his professionalism and straight forward approach and enjoyed watching the PCI knowledge base flourish. My condolences to the family, Dave will be missed.

  21. Jennifer Fischer Says:

    I just heard of Dave Taylor’s passing and am very saddened by the news. I’ve known Dave for many years and recently saw him at the PCI SSC’s community meeting in Vegas. He was a tireless advocate for data security, and I always found our discussions incredibly insightful, energetic and constructive. Dave added a great deal to the dialogue, and he will be missed. Sincere condolences to his family, friends and colleagues.


StorefrontBacktalk delivers the latest retail technology news & analysis. Join more than 60,000 retail IT leaders who subscribe to our free weekly email. Sign up today!

Most Recent Comments

Why Did Gonzales Hackers Like European Cards So Much Better?

I am still unclear about the core point here-- why higher value of European cards. Supply and demand, yes, makes sense. But the fact that the cards were chip and pin (EMV) should make them less valuable because that demonstrably reduces the ability to use them fraudulently. Did the author mean that the chip and pin cards could be used in a country where EMV is not implemented--the US--and this mis-match make it easier to us them since the issuing banks may not have as robust anti-fraud controls as non-EMV banks because they assumed EMV would do the fraud prevention for them Read more...
Two possible reasons that I can think of and have seen in the past - 1) Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code. 2) Also, in offline chip countries the card determines whether or not a transaction is approved, not the issuer. In my experience, European issuers haven't developed the same checks on authorization requests as US issuers. So, these cards might be more valuable because they are more likely to get approved. Read more...
A smart card slot in terminals doesn't mean there is a reader or that the reader is activated. Then, activated reader or not, the U.S. processors don't have apps certified or ready to load into those terminals to accept and process smart card transactions just yet. Don't get your card(t) before the terminal (horse). Read more...
The marketplace does speak. More fraud capacity translates to higher value for the stolen data. Because nearly 100% of all US transactions are authorized online in real time, we have less fraud regardless of whether the card is Magstripe only or chip and PIn. Hence, $10 prices for US cards vs $25 for the European counterparts. Read more...
@David True. The European cards have both an EMV chip AND a mag stripe. Europeans may generally use the chip for their transactions, but the insecure stripe remains vulnerable to skimming, whether it be from a false front on an ATM or a dishonest waiter with a handheld skimmer. If their stripe is skimmed, the track data can still be cloned and used fraudulently in the United States. If European banks only detect fraud from 9-5 GMT, that might explain why American criminals prefer them over American bank issued cards, who have fraud detection in place 24x7. Read more...

Our apologies. Due to legal and security copyright issues, we can't facilitate the printing of Premium Content. If you absolutely need a hard copy, please contact customer service.