Blog Post
Transforming PCI security: Insights from the 2024 North America Community Meeting
The PCI SSC Community Meetings for 2024 got underway this month with the 2024 North America Community Meeting taking place in Boston, MA on September 10-12.
The event highlighted several key changes at the PCI Security Standards Council (PCI SSC), including changes to its leadership team, and introduced the new “product delivery model” approach that will define the future of PCI security standards and payments security.
The new look PCI SSC
The Community Meeting opened with the introduction of Gina Gobeyn, Executive Director of the PCI SSC, and two new leadership roles at the Council: Diana Grenshaw as Head of Engagement and Deanne Settler as Head of Product & Technology.
The Council emphasized a renewed focus on enhancing community collaboration and engagement, alongside transitioning PCI to a more agile and simplified set of standards in a long-term approach that supports proactive planning for standards development and compliance alike.
Session highlights
PCI v4.x future-dated controls
With less than 6 months remaining to comply with future-dated controls introduced in PCI DSS v4.0, the Council encouraged organizations to focus on the wider security advantages offered by these requirements, including:
- Preventing copying and relocating PAN by users accessing systems remotely (3.4.2)
- Ensuring anti-phishing measures are in place to protect users (5.4)
- Enforcing multi-factor authentication (MFA) for all access to card data and CDE systems (8.4.2)
Becoming audit ready through automation
Liberty Mutual emphasized the benefits of automation for managing compliance against a backdrop of increasing legislation and continuously evolving regulations and standards. They highlighted that automation could help organizations ensure they are audit ready by implementing automated monitoring and reporting processes.
Securing IoT and the future of cybersecurity
In his eye-opening talk, Ken Munro of Pen Test Partners Inc explained the continuing challenge of security in the Internet of Things (IoT). Ken’s latest research highlights the vulnerabilities present in the current generation of green energy solutions, including home solar power batteries and inverters, in which various security flaws have been identified. Ken highlighted that some vulnerabilities are the same as those present in IoT devices of 10 years earlier. Devices that are inherently insecure are connected to organizations’ and/or their customers' networks, resulting in critical exposure points for cybercriminals and nation state threat actors. While regulation and legislation are on the way, organizations need to be aware of the risks posed by these technologies and ensure they are managed effectively.
Meanwhile, Tom Koulopoulos highlighted that it is human behavior that has shaped the evolution of technology throughout history, and the importance of embracing new cybersecurity models to secure emerging technologies, focused on behavioral data and digital trust and assisted by AI tools.
These are just a few of the many noteworthy takeaways from the event shared by industry leaders including the PCI SSC, Verizon, Target Corporation, Microsoft and more. The wide-reaching agenda covered website security, AI and emerging technology in payments security, crisis management and incident response, cloud security and more.
With over 1,200 attendees from North America, LATAM and EMEA, the event in Boston provided a fantastic opportunity for us to connect in person with many of our customers and QSA partners. It was a pleasure for our team to engage with them directly and share updates on our latest data discovery innovations and product advancements. We would like to thank the PCI SSC, the speakers and the sponsors for their efforts in organizing and supporting this event.