PCI Compliance: Tips, Tricks & Emerging Technologies
Version 2.0 of the Payment Card Industry Data Security Standard is in effect, and already thought-leaders are reviewing emerging technologies and payment card security trends with an eye toward how they may impact PCI's future.
Meanwhile, the single biggest question on the minds of merchants, processors and service providers today is: How do I get - and stay - PCI compliant?
This panel will answer that question with an eye toward PCI's future, exploring:
- PCI's global influence on smaller merchants and service providers with limited IT resources and lack of security expertise;
- The role of emerging technologies such as encryption and tokenization;
- Tips and tricks to make a PCI compliance program a success.
The Payment Card Industry Data Security Standard (PCI DSS) is a comprehensive standard intended to help organizations proactively protect cardholder account data. It was created in 2004 as a cooperative effort among the card brands Visa, MasterCard, American Express, Discover and JCB.
Before PCI DSS existed, each card brand ran its own data-security program with its own requirements, so an organization that accepted several brands had to undergo a separate, largely overlapping audit for each one.
PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures.
Version 1.0 of the PCI standard was released in Dec. 2004. It subsequently was updated in 2006, 2008 and 2009. Version 2.0 of the PCI standard was announced in late 2010 and went into effect in Jan. 2011.
In November of 2008, payments processor RBS WorldPay was hacked, and fraudsters gained access to as many as 1.5 million consumer accounts.
Then, on Inauguration Day 2009, Heartland Payment Systems (HPY) disclosed that it had been breached, exposing an estimated 130 million credit and debit cards to potential fraud, in what was at the time the largest data compromise ever reported.
Heartland maintained it was PCI compliant. But Visa subsequently removed Heartland and RBS WorldPay from its list of PCI compliant vendors until they could be re-assessed for compliance. Visa's public stance: "We've never seen anyone who was breached that was PCI compliant."
The RBS WorldPay and Heartland breaches raised a serious question about organizations that achieve PCI compliance yet still suffer such incidents: how does one attain PCI compliance, and then sustain it between assessments?
This question will be explored in this panel discussion, as will:
- What is in scope and out of scope in terms of PCI compliance?
- How can Managed File Transfer help companies achieve PCI compliance?
- How can PCI compliance help an organization consolidate its data security tools?
- How does an organization secure data beyond PCI?