Enhancing payment security: Key takeaways from the 2024 Europe Community Meeting

Last month saw the second stop of the 2024 Community Meetings hosted by the PCI SSC, as the Europe event kicked off in Barcelona, Spain on October 8.

Building on the success of the North America Community Meeting, the event attracted more than 600 in-person and online delegates. The agenda centered around the latest updates to PCI DSS and provided opportunities to learn, share, network and discuss the current state of payment security.

Streamlining standards

PCI SSC VP, EMEA, Jeremy King highlighted the Council’s goals to streamline its suite of standards.

“This year, at the Community Meetings, the Council announced its intent to consolidate and align its standards portfolio, to make it easier for people working within the purview of multiple standards to meet their obligations.” King explained.

PCI DSS v4.x future dated requirements now due

Many of the event sessions focused on the looming March 31, 2025, deadline for future dated requirements introduced in PCI DSS v4.0. With PCI DSS v4.0.1 released this summer, the SSC highlighted several resources available to organizations working on the transition, including a new ROC template and a new resource guide addressing vulnerability scans and Approved Scanning Vendors (ASVs) for SAQ merchants requiring scans for the first time.

Session highlights

Streamlining key management in the payment card industry

In an engaging session, Kris Olejniczak Managing Director, Patronusec and Rolf Pielage, Senior Manager, Deloitte Netherlands, shared an innovative approach to automating key management. Their solution is designed to enhance security and simplify the auditing process through the use of automation for standard key management processes, including key generation, distribution, rotation and destruction.

DORA: How the next wave of requirements is hitting the payment card industry

usd AG considered the next major regulation sweeping the financial sector across Europe — the Digital Operational Resilience Act (DORA) — and whether PCI DSS compliance could support organizations seeking to meet the new regulation. DORA comes into force from January 2025 and will have a significant impact on many aspects of the payment card industry – affecting not only financial institutions but also their key suppliers.

Global updates: Payment trends and threats

As a global standard, PCI DSS offers a unique perspective on security trends and threats worldwide. In this session, regional PCI SSC representatives shared insights gleaned from the challenges affecting the organizations and the payments industry more broadly within their area.

In more general trends, cards and mobile wallets are more often used, with cash and check use falling steadily. Meanwhile, crimes against payments channels have also evolved. Authorized push payment fraud (typically via mobile wallets) has overtaken card-not-present fraud (typically via e-commerce channels), however since 2021 both have been in decline – demonstrating the success of standards such as PCI DSS in reducing the accessibility of payment details to cyber-criminals.

These are just a few of several key insights from the event, which also included sessions presented by leading industry figures including VikingCloud, Coalfire, Forgenix and others. The comprehensive agenda included topics such as software security, encryption, operational security and AI in payments.

The European Community Meeting was an excellent chance to gain knowledge from experts and connect with colleagues. We extend our gratitude to the PCI SSC, the speakers and the sponsors for their contributions in organizing and supporting this event.