PCI DSS are global standards which are constantly evolving. As such, the PCI SSC community meetings are the highlight of a data security professional’s calendar, as we come together to discuss changes and best practice. Held globally, PCI Pal attend the North American and European meetings, allowing us to gauge issues, concerns and processes by region. Here’s what we learnt from this year:
PCI North America: Am I truly compliant?
During our three days in Las Vegas, we heard this question a lot. Highlights from the Verizon report released on day one of the event stated that there has been a drop in organisations who are PCI compliant. This appeared to be at the forefront of attendees’ minds as the event progressed, particularly with several presentations and panel discussions examining how the increased use of cloud services and alternative payment technologies are affecting compliance.
For us, an additional highlight of the event was the Keynote speech from Jeff Skiles, co-pilot of U.S airways flight 1549 which executed an emergency landing in the Hudson in 2009. Most notable was his comments around how their pilot training and adherence to industry procedures allowed him and captain Chelsey Sullenberger to work together as a team to safely land the plane and save 155 lives. Raising questions such as “do you trust the current systems and procedures you have in place?” Our main takeaway from the event was that organisations will struggle with compliance unless they have the right systems and procedures in place to begin with, and don’t wait for an emergency to test this.
PCI Europe: Keep calm and descope.
There was a slightly different feel to the European meeting in London by comparison. We were excited to announce the release of our latest whitepaper in conjunction with Verizon, ‘Keep Calm and Descope… Achieving sustainable PCI DSS compliance in contact centre environments’ which prompted discussions around how, in the face of new requirements and tighter regulations, removing credit card data from contact centres all together is the way forward, echoing many of the session themes throughout the event. Of course, GDPR was still high on the agenda, focusing on the way businesses handling and storing PII. Our main take away from the event is that whilst businesses are expected to be fairly savvy with the existing technology and state of play by way of regulation, it’s clear that many companies feel both opportunity and risk lay in wait with the changing nature of Privacy and data regulations. The growth and increasing-dominance of Cloud services are leading more organisations to the conclusion that descoping their environments from the requirements of PCI DSS is the simplest and most secure way to handle their customer’s credit card data.
Interested in learning more about PCI Pal? Get in touch with one of our experts today.