17th PCI London, 5 July 2018, London, UK
“I found the event extremely useful in getting an industry perspective on
what is going on in the world of PCI and GDPR.”
Lead IT Auditor, Camelot Group
“Nearly half (44.6%) of companies still fail to protect payment card data on an ongoing basis ...
[and] Many of the security controls that [are] not in place cover fundamental security principles that have broad applicability,” ”
Verizon 2017, Payment Security Report
We all know the basic statistics. After a decade or more of focus on card data security, it is still the case that at least 50% of organisations that need to be PCI DSS compliant are not.
And if they were hoping that the success of de-scoping technologies, and the advance of mobile and tokenisation products mean a swift end to card data as we know it, then they may have miscalculated.
Not simply because those technologies will take several years to roll out fully, but because GDPR will force all companies to reconsider their compliance processes and those with a PCI DSS programme in place are at a definite advantage: they already have staff and processes that can be adapted to the new environment.
So companies who should already be PCI DSS compliant now have two good reasons to put their house in order: first, in this new era of focus on data protection, privacy and cybersecurity, non-compliance is not a sustainable strategy.
And second, since GDPR compliance is a legal necessity, not simply a contractual arrangement, and since PCI DSS can provide a framework for it, does it not make sense to put in place a full PCI DSS compliance programme with whatever hybrid elements are required in addition to satisfy the wider privacy requirements of GDPR? Especially since, as Verizon point out, “many of the [PCI DSS] security controls that [are] not in place cover fundamental security principles that have broad applicability.”
The 17th PCI London will look at the latest in the processes and technologies used to protect payment and personal data. There will be real-life case studies, strategic talks and technical break-out sessions from PCI teams behind some of the world’s most admired brands, who know, just like you, that payment security is now more important to business than ever.