PCI 2010: Trends and Technologies
Information Security Media Group
What is the future of the Payment Card Industry Data Security Standard (PCI)?
In 2009, PCI was discussed in the context of the Heartland Payment Systems and RBS WorldPay data breaches - is the standard adequate, and what does compliance mean?
In 2010, the talk will be about the next-generation PCI standard - the emerging technologies and applications that will enhance the security of payment card transactions.
Join a panel of PCI experts to hear:
- The state of PCI today;
- How emerging technologies such as tokenization and end-to-end encryption fit into the PCI evolution;
- What is being done to ensure efficient, effective payments security for merchants and financial institutions.
In November of 2008, payments processor RBS WorldPay was hacked, and fraudsters gained access to as many as 1.5 million consumer accounts.
Then, on Inauguration Day 2009, Heartland Payment Systems (HPY) disclosed that it had been breached, exposing an estimated 130 million credit and debit card holders to potential fraud in what is the largest data compromises ever reported.
Heartland maintained it was compliant with the Payment Card Industry Data Security Standard (PCI DSS). But Visa subsequently removed Heartland and RBS WorldPay from its list of PCI compliant vendors until they could be re-assessed for compliance. Visa's public stance: "We've never seen anyone who was breached that was PCI compliant."
The RBS WorldPay and Heartland security breaches raised serious questions about organizations achieving PCI compliance, but still suffering such incidents: How does one attain and sustain PCI compliance?
In April the Congressional Subcommittee on Emerging Threats, Cybersecurity, Science and Technology even convened a special hearing entitled: "Do The Payment Card Industry Data Standards Reduce Cybercrime?"
The mantra within the PCI community is: Compliance is not a one-time achievement. It's an ongoing condition that must be continually tested and maintained.
And in the wake of these very public breaches, the payment card industry has rallied to examine what's necessary to enhance the PCI standard. In September 2009, the PCI Security Standards Council convened a community meeting in Las Vegas, unveiling new research that suggests PCI's future could be shaped by emerging technologies such as end-to-end encryption and tokenization.
Emerging technologies and market trends are the focus of this webinar, as panelists each offer their unique perspective on the future of PCI, then convene for an open discussion about how they see the standard evolving in 2010.