Extremely Sad News

Written by Evan Schuman
June 26th, 2013

It pains us greatly to have to report to you that our PCI Columnist, Walt Conway, passed away on Tuesday (June 26) after a battle with pancreatic cancer.

Professionally, Walt had that rare ability to take complex compliance issues and make them approachable. He was a huge fan of the PCI process, which meant that he felt the obligation to point out its flaws or its inconsistencies.

Personally, I’ve never met someone who was as personable, intelligent and just plain nice as Walt. He will be missed far more than any words can convey.

His family has set up a fund in his memory with Episcopal Community Services, the largest provider of homeless services in San Francisco. Walt was president of the board for some years and a major supporter of their Chef’s program which trains homeless people to work in professional kitchens. Donations can be made to the Walter T. Conway, Jr. Fund at ECS, on-line at or by mail at Episcopal Community Services, 165 Eighth Street, 3rd Floor, San Francisco, CA 94103.

If you knew Walt—or were touched by any of his columns—please use the comment link below to share any remembrances.


16 Comments | Read Extremely Sad News

  1. Preston Says:

    Walt will be greatly missed. He was a nice, approachable guy who made PCI a lot less scary in higher education.

  2. Omar Iftikhar Says:

    Very sad to hear about Walt’s passing. I had a chance to attend a couple of his talks and he still is the only one who could get people engaged and interested in PCI issues and make them less daunting without losing the seriousness of the subject matter. His columns on this sites were always very helpful and were frequently used by me to help explain this complex subject matter.

  3. Evan Schuman Says:

    403Labs, Walt’s employer for years, has just posted a very nice tribute:

  4. Robert Santuci Says:

    Walt’s wit and wisdom will be missed by all. My deepest sympathies to his family & friends.

  5. Janet Langenderfer Says:

    I never met Walt, but used his articles in presentations to clients frequently. Always a resources for accurate explanations that were easy to understand. He will be missed…..

  6. Ilya Yakovlev Says:

    I will always remember Walt’s refreshing approach to PCI compliance when he worked with me at two institutions. Other consultants generally said, ok we saw what you have, here is the checklist to comply with SAQ D. Walt would turn it all around and say, for a campus your size you should be able to get your scope down to this, and by the way, here is what worked with your 3rd party on another campus I worked with… I will miss his wit and his gentle soul.

  7. Anna Letcher Says:

    I was fortunate to meet Walt at a time when my campus was beginning the marathon known as PCI compliance. His knowledge was immense and his advice very simple. By the time he completed an engagement with our school, we had become friends. We enjoyed many conversations about things not related to work and shared a meal or two at professional meetings and symposiums. My deepest condolences to his sweet wife Meredith, his family, colleagues, and many friends.

  8. ed Says:

    While I never met Walt Conway, his articles were very informative and he definitely left an impression with his knowledge.

  9. Chuck Phipps AAP, CTP Says:

    What is it with PCI columnists at StoreFront BackTalk? Before Walt, we lost the amazing David Taylor in 2009, who enlightened so many with his crisp writing and insightful viewpoints.

  10. Jeff Hall Says:

    I just cannot believe it. Walt and I had known one another for a number of years and I finally met him in person at the first PCI Community Meeting in Toronto. He and I bantered back and forth for years over the infamous session at that Meeting held by the card brands where they discussed whether pre-authorization data was in-scope. For the record, it was NOT in-scope, but was to be protected as though it were in-scope. I will miss him dearly as he was always will to tell me when I was getting things wrong. RIP my friend.

  11. Anton Chuvakin Says:

    That is incredibly sad news indeed. Walt was extremely knowledgeable about information security (and PCI DSS in particular), but he also made the subject approachable to many (a very rare gift in the industry). He will be missed!

  12. Blake Dournaee Says:

    This is truly sad news. Walt helped educate us here at Intel about PCI and was a tremendous resource for us. He will be missed.


  13. Steve Sommers Says:

    I’ve been absent from the world and just found out about this very sad news. In the few conversations I had with him I had very similar experiences: personable, intellegent and very nice. Walt will be greatly missed.

  14. Davesh Patel Says:

    This is really sad news, I had met Walt when I started PCI work and has been a great resource to me and our Company. He will be really missed.

  15. Shirley Says:

    While I’ve been very behind on my reading, I am so sad to hear of this news. I absolutely loved Walt’s style of writing, and of course the content was top notch. I appreciated that he even took a call or two to discuss a few PCI topics – and he had a great sense of humor as well. Walt – you will be missed!

  16. Andy Ray Says:

    In 1990 I worked closely with Walt in Visa EMEA/London office : he was our diplomatic pioneer to open doors with rather suspicious “rivals” like American Express, Diners Club, and MasterCard when we were building electronic transaction processing bridges to their hubs. None of them could resist his charm offensive! Now I realise that he had continued to use his ideal mix of personal charm and technical prowess to win hearts and minds in the PCI DSS world too. And it’s very humbling to know that he was so involved with helping the homeless. Salute to you, Walt! RIP.


StorefrontBacktalk delivers the latest retail technology news & analysis. Join more than 60,000 retail IT leaders who subscribe to our free weekly email. Sign up today!

Most Recent Comments

Why Did Gonzales Hackers Like European Cards So Much Better?

I am still unclear about the core point here-- why higher value of European cards. Supply and demand, yes, makes sense. But the fact that the cards were chip and pin (EMV) should make them less valuable because that demonstrably reduces the ability to use them fraudulently. Did the author mean that the chip and pin cards could be used in a country where EMV is not implemented--the US--and this mis-match make it easier to us them since the issuing banks may not have as robust anti-fraud controls as non-EMV banks because they assumed EMV would do the fraud prevention for them Read more...
Two possible reasons that I can think of and have seen in the past - 1) Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code. 2) Also, in offline chip countries the card determines whether or not a transaction is approved, not the issuer. In my experience, European issuers haven't developed the same checks on authorization requests as US issuers. So, these cards might be more valuable because they are more likely to get approved. Read more...
A smart card slot in terminals doesn't mean there is a reader or that the reader is activated. Then, activated reader or not, the U.S. processors don't have apps certified or ready to load into those terminals to accept and process smart card transactions just yet. Don't get your card(t) before the terminal (horse). Read more...
The marketplace does speak. More fraud capacity translates to higher value for the stolen data. Because nearly 100% of all US transactions are authorized online in real time, we have less fraud regardless of whether the card is Magstripe only or chip and PIn. Hence, $10 prices for US cards vs $25 for the European counterparts. Read more...
@David True. The European cards have both an EMV chip AND a mag stripe. Europeans may generally use the chip for their transactions, but the insecure stripe remains vulnerable to skimming, whether it be from a false front on an ATM or a dishonest waiter with a handheld skimmer. If their stripe is skimmed, the track data can still be cloned and used fraudulently in the United States. If European banks only detect fraud from 9-5 GMT, that might explain why American criminals prefer them over American bank issued cards, who have fraud detection in place 24x7. Read more...

Our apologies. Due to legal and security copyright issues, we can't facilitate the printing of Premium Content. If you absolutely need a hard copy, please contact customer service.