Payment security stakeholders around the world flock to the PCI Community Meetings each year because they are an ideal setting for education and information sharing. Having been a part of many of these meetings over the years, I can tell you that they continue to serve a critical role in my everyday activities with ControlScan.
This year I was lucky enough to attend not only the North American PCI Community Meeting in Vancouver, but also the European PCI Community Meeting in Dublin. The two events were unique in their “culture” and overall atmosphere, making it beneficial to attend both.
Here are my key takeaways and highlights from the 2019 PCI Community Meetings:
- The Council’s focus remains on evolving security risks and threats – The Council is asking for a lot of input this time around, with the aim of addressing evolving risks and threats. They describe it as a process that stresses risk-based outcomes, with an emphasis on ongoing security rather than a point-in-time checklist. Based on recent breach activity, it’s clear that service providers and password security will continue to be a big focus.
- PCI DSS v4.0 will usher in more flexible compliance methodologies – With the advent of version 4.0 of the PCI Data Security Standard, businesses will have more flexibility in how they validate compliance. For businesses with more mature, risk-based security programs, “compensating controls” go away and are replaced by “custom responses” to specific requirements. Of course, those with security implementations that correspond to the current requirements can continue to follow the defined testing procedures.
- Diversity was a big theme at both events – It is clear that women are making an ever-increasing contribution to the payments industry as well as the security arena, and this is certainly a good thing. In my opinion, the European meeting keynote given by Dr. Jessica Barker was one of the highlights of the Dublin event. Talk about women making a big difference in cybersecurity! Dr. Barker conveyed an intriguing message that should make all of us question the tone and nature of our approach to education/awareness efforts with SMBs.