Navigating the Future of Payment Security: Insights from PCI London 2024

We were excited to kick-off our 2024 events calendar at PCI London last week. Hosted by AKJ Associates, the event brought together payment security experts and cybersecurity practitioners from diverse industries to share their insight and experiences.

The theme of the event centered around the upcoming PCI DSS v4.0 compliance deadline and how emerging technologies may impact the payments landscape. The packed agenda showcased a variety of speakers, panel discussions, education seminars and networking opportunities.

PCI DSS v4.0 is Coming Soon

As the focus of the event, PCI DSS v4.0 featured throughout the agenda. The latest version was developed in collaboration with the payments community, with more than 6,000 comments informing the updated standard.

While it was highlighted that PCI DSS v4.0 is a base standard, rather than a gold one, the latest version has adopted zero-trust principles. In transitioning to the new standard, businesses are encouraged to focus on their security foundations and consider strategies to enable sustainable compliance.

Further, PCI DSS should be used in conjunction with other security standards to achieve data security, rather than being operated as a separate initiative. In fact, it can be used as a foundation to achieve compliance with a range of other cybersecurity standards including ISO27001, SOC2, and NIST.

Data Discovery Supports Sustainable Compliance

Ground Labs’ co-founder and chief evangelist took to the stage and explained how organizations can harness data discovery for sustainable compliance.

While data discovery has by many been considered a one-off exercise as part of a new PCI DSS program, changes in PCI DSS v4.0 of the standard mean that is now a fundamental element of compliance.

Purpose-built discovery solutions not only identify cardholder data wherever it is stored but also provide remediation options to address unexpected data stores and unauthorized repositories. Their role extends beyond scoping across up to 27 controls across the standard and supports data security for privacy compliance and other cybersecurity initiatives.

Mobile Payments are on the Rise

The landscape of mobile payments is shifting rapidly as more and more people utilize the payments capabilities of their devices.

Hackers are turning to mobile as a weak link in the payments security ecosystem, exploiting mobile apps and devices to steal card data and compromise active transactions. Organizations are advised to adopt the PCI Software Security Framework for guidance in developing security payment software for all platforms, including mobile.

Generative AI is Changing the Game

AI is changing how businesses interact with their customers and their data. While this may provide quicker and improved customer service, where they interact or integrate with payments processes, this presents new challenges for PCI DSS and payment security. Not least, ensuring that payments information remains protected while enabling the opportunities offered by AI services.

These are only a few of the many noteworthy takeaways of the event shared by industry leaders such as the PCI Security Standards Council, BT, Jscambler, Integrity360. The topics covered included website security, mobile payment security, crisis management and incident response, cloud security and more.

PCI London provided a great opportunity to learn from experts and network with peers. We would like to thank AKJ Associates, the speakers and the sponsors for their efforts in organizing and supporting this event.