Meeting the challenge of 4.0.1 — Highlights from the 26th PCI London

The 26th PCI London, held on January 21, 2025, at the Park Plaza in Victoria, brought together cybersecurity experts, IT professionals and organizations to discuss the evolving world of PCI DSS compliance and cybersecurity strategies. 

Industry leaders shared insights on the latest PCI security standards updates, their challenges and best practices for safeguarding cardholder data and ensuring compliance in the face of today’s complex threat environment. 

Here’s our recap of session highlights and key takeaways from the event.

Session highlights 

A pivotal year for the PCI SSC

Jeremy King, VP and Regional Head for Europe, Security Standards Council, highlighted key updates to PCI security standards in his opening session. 2025 is set to be a pivotal year for the PCI SSC, with 10 of the 15 standards they oversee entering RFC processes (Request for Comment) within the next 12 months. King encouraged organizations to participate in the RFC process, providing their feedback to shape future updates.

 

Unpacking PCI DSS v4.0.1 scope changes

John Elliott, Security Advisor at Jscrambler, tackled the challenges introduced by the latest version of PCI DSS. More specifically, how the seemingly minor wording changes to the scope definition within the introduction of the standard actually represent a significant shift to scoping expectations for in-scope organizations.

Elliott urged businesses to take a closer look at their entire cardholder data environment (CDE) and consult with their Qualified Security Assessors (QSAs) to understand how these changes affect their compliance status.

Mastering PCI DSS compliance in a world of unstructured data

Ground Labs’ co-founder and CEO, Stephen Cavey, explored the unique challenges of managing cardholder data within vast stores of unstructured data, which now account for up to 90% of all business data. His session provided a solution-led approach to addressing the key compliance challenges and security risks of these data stores with advanced data discovery tools like Enterprise Recon as part of a holistic compliance and cybersecurity strategy.

Compliance-as-a-Service (CaaS) with Integrity360

Navigating PCI compliance is no small feat, which is why Ground Labs’ partner Integrity360 introduced their PCI Compliance-as-a-Service (CaaS) offering at the event. This managed solution aims to simplify compliance efforts by alleviating operational burdens for organizations through an expert-managed third-party service.

PCI DSS and internal standards at Barclaycard

Katie Cowman, Senior PCI Assurance Manager at Barclaycard, shared a behind-the-scenes look at how her organization became PCI DSS compliant. Cowman emphasized the importance of adopting a unified approach to cybersecurity policies meeting both internal and external mandates.

Why PCI DSS compliance matters now more than ever 

These sessions were just a glimpse of the many impactful presentations during the event. Other highlights included sessions on simplifying evidence collection, reducing audit stress through continuous compliance approaches and tackling newer PCI DSS requirements in serverless and cloud-native environments. 

With evolving cyber-threats, increasing data risks and a growing reliance on unstructured data, achieving PCI DSS compliance is both more challenging and more critical than ever. Businesses must take a proactive, informed approach to compliance to stay ahead of security threats and safeguard sensitive cardholder data.

We extend our gratitude to AKJ Associates for organizing this successful event, as well as the sponsors who made it all possible. 

Finally, congratulations to A Sherlock, our Ember mug winner. 

To find out how Ground Labs can support your PCI DSS compliance, arrange a complimentary data workshop or book a call with one of our experts today.