Four Insights from Day 1 of the PCI NACM

8 months ago AndyC

The 2023 North America Community Meeting convened in Portland, OR this week, bringing together thousands of payment security experts from across the globe.

Four Insights from Day 1 of the PCI NACM

The 2023 North America Community Meeting convened in Portland, OR this week, bringing together thousands of payment security experts from across the globe. The three-day program is jam-packed with dozens of presentations and panel discussions covering a broad range of payment security topics.

The following are just a few of the takeaways from the first day of the conference.

Security is a Journey, Not a Destination

Lance Johnson, Executive Director of PCI SSC, reminded the audience that proper security requires ongoing vigilance. As payment technology evolves and new attack vectors emerge, the Council relies on industry feedback and insights to help keep global payment data secure. In reaction to industry shifts, the Council recently updated its Participation Program to enable broader industry participation. Learn more here: New Opportunities for Collaboration with the Council

Resources Abound to Help the Industry Understand PCI DSS v4.0

The Council presented a series of discussions focused on common industry questions to help the industry understand the latest version of PCI DSS v4.0. With the 2024 March retirement of PCI DSS v3.2.1, the transition is top of mind in the payment security industry.

Council-created PCI DSS v4.0 resources that were highlighted on stage included:

AI Technology Provides Both Opportunities and Risks to Payment Security

There are both opportunities and risks when considering AI’s role in payment security. While AI provides opportunities to automate mundane tasks, over reliance can lead to issues. Organizations may become overly reliant on AI for payments, leaving little room for human judgment and intuition. AI tools can produce biased results based on the data they were trained on. Be aware of this potential bias and take it into account when interpreting the output. The more you understand about how an AI tool works, the better you can evaluate its reliability.

Breached Card Data is Trending Downward

A Verizon survey shows that since 2018, payment card data is being featured less and less in data breaches. Effective security controls – such as those defined in PCI DSS v4.0 – are helping organizations keep their payment data secure. However, organizations are still being attacked, so vigilance is crucial. As new payment technologies emerge and as criminals find new ways to steal data, it’s the role of the Council – in close partnership with the payments industry – to develop and evolve standards to keep pace with criminal activity. 

Subscribe to the PCI Perspectives Blog for More Payment Security Insights

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , , , , , ,

More Stories

Protecting Model Updates in Privacy-Preserving Federated Learning: Part Two

2 days ago AndyC

Take A Tour! NIST Cybersecurity Framework 2.0: Small Business Quick Start Guide

3 days ago AndyC
Coffee with the Council Podcast: Help Shape the Future of Payment Security as a PCI SSC Participating Organization

Coffee with the Council Podcast: Help Shape the Future of Payment Security as a PCI SSC Participating Organization

5 days ago AndyC
Resource Guide: Earn Continuing Professional Education Credits Through the Council

Resource Guide: Earn Continuing Professional Education Credits Through the Council

1 week ago AndyC

Giving NIST Digital Identity Guidelines a Boost: Supplement for Incorporating Syncable Authenticators

2 weeks ago AndyC
PCI DSS v4: What’s New with Self-Assessment Questionnaires

PCI DSS v4: What’s New with Self-Assessment Questionnaires

1 month ago AndyC

You may have missed

LockBit published data stolen from Simone Veil hospital in Cannes

LockBit published data stolen from Simone Veil hospital in Cannes

12 hours ago AndyC

Friday Squid Blogging: Squid Purses

12 hours ago AndyC
Monash Health data caught up in attack on records digitisation provider

Monash Health data caught up in attack on records digitisation provider

17 hours ago AndyC
Russia-linked APT28 and crooks are still using the Moobot botnet

Russia-linked APT28 and crooks are still using the Moobot botnet

18 hours ago AndyC

My TED Talks – Schneier on Security

18 hours ago AndyC

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.