PCI Mid Year Meeting

This year’s agenda is designed to help those responsible for securing IT and transaction environments in the payment card industry.

The agenda is focused on providing insights and knowledge that can assist senior decision makers and technical experts to ensure that their data security and compliance programs:

  1. Stay ahead of the curve by keeping abreast of the latest developments, such as the imminent changes to the standard.
  2. Create maximum value from data security and compliance projects by ensuring that the chosen solutions mitigate threats, meet compliance requirements, and create wider business value.
  3. Avoid the spiralling costs of PCI DSS compliance by taking a path that reduces the attack surface and deploys technology to best effect.

Key Themes

Preparing for version 2.0 of the PCI DSS standard in Autumn 2010 by making early risk assessments and analysing trends

  • Forecasting which revisions to expect and their implications for the future
  • Learning lessons from the last major update and judging whether the next one is likely to be a case of small steps or giant leaps
  • Ensuring that changes will not lead to greater costs

***


Mapping the current malware threat landscape by tracking recent criminal behaviour in response to technological paradigm shifts

  • Studying the most recent data breaches and outlining what went wrong
  • Looking at latest technology trends and where criminals will be striking next
  • Highlighting the vulnerabilities that are easy to overlook

***


Overcoming the real-world challenges that legacy systems pose for companies

  • Understanding which systems will not support specific requirements
  • Assessing whether historical data can be encrypted, and what to do if it cannot
  • Staying compliant while maximising the ability to retrieve data for discovery requests

***


Defining the scope of encryption and how it can help to reduce the scope of compliance

  • Sealing up the ‘leakage’ points by keeping cardholder data encrypted at every stage of the process
  • Implementing end-to-end encryption and what it can do for you
  • Acknowledging the limits of encryption in terms of both security and compliance

***


Dealing with the growing volume of call recordings and ensuring that call centres do not compromise card security

  • Understanding the requirement to record and store telephone conversations and its implications for card security
  • Reducing the possibility of fraud by call centre staff by limiting their access to only the transaction data they need
  • Establishing methods to make over-the-phone transactions more secure
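
The encryption theme above (sealing up ‘leakage’ points) and the call-centre theme (giving staff only the data they need) both come down to the same discipline: the full PAN must never reach a screen, a log or a transcript that does not require it. The block below is an added example, not material from the meeting, the PCI SSC or any vendor. It shows the data-handling pattern those sessions describe: Luhn validation of a candidate PAN, masking to the first six and last four digits (the maximum PCI DSS requirement 3.3 permits on a display), keeping only the last four digits for caller verification, redacting any PAN that leaks into a call transcript or log line, and a keyed (HMAC) token for lookups so that the stored value cannot be recovered by brute-forcing the PAN space. The sample PAN is the public Visa test number 4111111111111111, the transcript is constructed, and TOKEN_KEY is a placeholder; in production the key would come from a key-management system or HSM, and every function name here is this example’s own.

```python
"""PAN handling for call-centre and logging paths, PCI DSS style.

Added illustration, not code from the meeting or the PCI SSC. Assumptions:
the sample PAN is the public Visa test number 4111111111111111, TOKEN_KEY is
a constructed placeholder (a real key would come from a KMS/HSM), and the
function names are this example's own.
"""
import hashlib
import hmac
import re

# Constructed inputs for the demonstration.
SAMPLE_PAN = "4111111111111111"       # public Visa test number, not a live card
TOKEN_KEY = bytes.fromhex("00" * 32)  # placeholder 256-bit key; never hard-code a real one

# Runs of 13-19 digits, optionally separated by spaces or dashes, as an agent
# might type them or a speech-to-text engine might transcribe them.
_PAN_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_valid(pan: str) -> bool:
    """True if pan is 13-19 digits and passes the Luhn check-digit test."""
    if not pan.isdigit() or not 13 <= len(pan) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Display form: first six and last four digits, the maximum PCI DSS 3.3 permits."""
    if not luhn_valid(pan):
        raise ValueError("not a PAN")
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def last_four(pan: str) -> str:
    """All a call-centre agent needs to confirm a caller's card: the last four digits."""
    if not luhn_valid(pan):
        raise ValueError("not a PAN")
    return pan[-4:]


def pan_token(pan: str, key: bytes) -> str:
    """Keyed one-way token for lookups and de-duplication.

    An unkeyed SHA-256 of a PAN is reversible by brute force: with a known BIN
    the remaining space is roughly 10**9 values. HMAC under a secret key removes
    that attack, which is why later versions of PCI DSS (v4.0) require keyed hashes.
    """
    return hmac.new(key, pan.encode("ascii"), hashlib.sha256).hexdigest()


def redact_pans(text: str) -> str:
    """Replace every Luhn-valid PAN in free text (transcripts, logs) with its masked form.

    Digit runs that fail Luhn (order numbers, reference numbers) are left untouched.
    """
    def _sub(m: re.Match) -> str:
        digits = re.sub(r"[ -]", "", m.group(0))
        return mask_pan(digits) if luhn_valid(digits) else m.group(0)
    return _PAN_CANDIDATE.sub(_sub, text)


if __name__ == "__main__":
    # Constructed transcript line, as a speech-to-text engine might emit it.
    transcript = "Agent: card number please. Caller: 4111 1111 1111 1111, expiry 12/12."
    print(mask_pan(SAMPLE_PAN))
    print(last_four(SAMPLE_PAN))
    print(pan_token(SAMPLE_PAN, TOKEN_KEY))
    print(redact_pans(transcript))
```

Run redact_pans over recording transcripts and application logs before they are written to storage that sits outside the cardholder data environment; anything that still holds a full PAN, including the audio itself, stays in scope. The masked form is for display only, the last four digits are enough for identity confirmation, and the HMAC token is what you index on, with the key held separately from the data it protects.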

***


Preparing for cloud computing and its future implications for PCI DSS compliance

  • Recognising which datasets can be stored by an outsourcer and which cannot
  • Contemplating outsourcing the entire process to a compliant external specialist
  • Being aware of the geographical implications and knowing where your data is at any given time

***


Negotiating the differences between card schemes and inconsistent advice from QSAs

  • Outlining the known differences in the expectations of the different card schemes
  • Distinguishing between good advice and bad advice
  • Knowing exactly what to expect from your QSA and who to get in touch with if you are dissatisfied