26th PCI London: Meeting the challenge of 4.0.1

Lessons from the leaders

21st January 2025 • Park Plaza Victoria, London

Come the end of March, organisations need to comply with all parts of the new Standard. What have the pioneers discovered and what pitfalls exist for the unwary?

 

For those who commit to PCI DSS 4.0.1, the benefits extend far beyond card data security

PCI 4.x.x had two categories of new requirements: requirements effective immediately for all PCI assessments after March 31, 2024, and ‘future’ best practices which become mandatory on March 31, 2025. Almost every part of the original PCI DSS 4.0 had at least one 2025 requirement – and here we are!

PCI DSS 4.0.1 is here and presents a complex, multidimensional compliance challenge for end-users, auditors, and vendors.

It, of course, focuses on the payments landscape, on encryption, tokenisation, and authentication.

But it also contains recommendations on broad security challenges such as vulnerability scanning, malware detection, and ways to prevent attacks on browsers and other e-commerce channels. It looks at data protection from an AI and Cloud perspective. It demands higher standards of automation and continuous monitoring. It modernises how your organisation has to look at what is in and out of scope, including a strong focus on how you deal with third parties.

And because the Standard is now a much broader and more detailed blueprint for data and application security, it requires best practice across all facets of cybersecurity: in other words, there’s nothing inherently special about card data. If you want to make sure that your payments infrastructure, including cards, is secure, then what you are really saying is that you need security across your whole estate. Sure, you can attempt to get card data and payment systems out of scope (harder today than before), but why not just get security for all your data (and other critical processes) right, so that PCI DSS compliance emerges from your security programme as a result?

So, this year’s event will look at:

  • The key requirements of PCI DSS 4.0.1: priorities and resourcing
  • Who is moving successfully to PCI DSS 4.0 and how are they doing it?
  • Sectoral differences in the approach to PCI DSS compliance
  • Building PCI DSS into your broader GRC and regulatory compliance efforts
  • From cybersecurity to PCI DSS compliance
  • Technology and PCI DSS: mapping the standard to specifics

 

PCI London will continue our look at PCI DSS 4.0 and the progress compliance teams are making.
Join our real-life case studies and in-depth technical sessions from the PCI compliance leaders at a broad cross-section of organisations and sectors.

 

  • Reducing the cost of PCI DSS compliance

    • Most companies have limited resources to devote to one small dataset (card data).
    • They need solutions that can be applied more widely, they need automation, and they need pro-business solutions.
    • So, how do you derive PCI DSS compliance from your existing security processes?
  • Securing Cloud and other critical third-party dependencies

    • PCI DSS 4.0 allows firms to choose their path to delivering the security and privacy objectives set by the standard.
    • It then specifies how organisations can demonstrate that their chosen solutions do indeed deliver those outcomes.
    • How can you help?
  • Aligning PCI DSS, GDPR and broader GRC efforts

    • Companies have spent significantly on PCI DSS, then poured more resources into GDPR and other compliance initiatives.
    • What commonalities tie their different compliance goals together and which technologies can save them money while keeping them secure?
    • How can companies streamline their compliance efforts to optimise their use of resources?
  • Vulnerability Management and remediation

    • Firms need to know where the greatest risks to their data lie and how best to mitigate them.
    • To do this, they need network and process visibility, third-party visibility and good technology to cover new payments channels and platforms.
    • Can your solutions help them?
  • Getting continuous monitoring and automation right

    • All compliance regimes evolve as the wider marketplace does. Keeping up is a constant struggle.
    • But with PCI DSS 4.0 promising a new risk-based approach, will yet another round of investment be needed?
    • Can your solutions ease the transition?
  • New technologies – a challenge to compliance?

    • The world of payments is in flux.
    • From Klarna to Stripe, from Wise to wallets, the tools we use to make payments and the channels through which card data flows are changing.
    • How much do these innovations change the nature of PCI DSS compliance and can you help?

Who attends

Job titles

Head of Digital Security
Head of Infrastructure Service Delivery
Information Security Officer
Senior GDPR & PCI Specialist
Senior Infosec Specialist
Principal Security Analyst
Lead Equity Research Analyst
Data Protection GDPR Manager
Compliance Officer
Security Architect, Senior Vice President
CISO
Programme Manager
Director of Financial Operations
Data Compliance Manager
Financial crime Executive
Assistant Director of IT
PCI DSS Support Function Manager
Digital Criminal Justice Lead
Senior Customer Success Manager
Global PCI Analyst
Director of Security
Card Scheme Compliance Manager
Data Protection Officer
PCI ISA - Compliance Consultant
Head of Compliance / MLRO (SMF16/17)
Senior InfoSec Compliance Analyst - Payment, Governance, Risk & Compliance
Senior Information Security Analyst
Senior Project Manager
Senior Information Technology Security Analyst
PCI Assurance Manager
Director of Security & Trust
Information Security Governance, Risk and Compliance Lead
CISO
Information Security Officer
Senior Information Compliance & Control Manager
Director of Technology & Information Security
HoD Information Security, Governance and Compliance
Manager - International, Payment Security & Governance
Operational Audit Manager
Information Security Officer
Group Information Security Manager
Head of IT Risk Governance
Principal Enterprise Architect
Information Technology Compliance Manager
Information Security Analyst
Security & Compliance Manager
Senior Security GRC Analyst
IT Security
Cyber Security Project Manager
Infosec Lead
Senior Tech Manager, Info Sec, Risk & Compliance
IT Security Administrator
Scheme Compliance Analyst
Head of Payments, Consumer Finance and Fraud
Chief Information Security Officer
Cyber Security Manager
Senior Systems Support Specialist
Senior Solution Engineering Manager
Director - Fraud Risk, Payments & Digital
Compliance and Security Analyst
Cyber Defence Manager
Security and Compliance Officer
Director of Information Security
Compliance Manager
Information Security Policy and Standards Manager
Payment Security Manager
Head of Solution Engineer Zoom Phone
Compliance and Audit Manager
IT Security Assurance & Compliance Senior Lead
Card Systems Specialist
Security Operations
Senior Network and Security Specialist
Global head of Security Compliance
Information Security Manager
Cyber Security Risk and Compliance
Payment Operations and Assurance Manager
International Director
Cyber Security Specialist | PCI ISA
Data Protection Officer
Digital Safety Compliance Analyst
Head of IT Security, Risk and Compliance
Principal Product Manager
Cyber Security and Compliance Manager
PCI Assurance Professional
Network Engineer
Cyber Security Analyst
Head of Data Protection and Privacy
Data Protection Compliance Manager
Security Design and Assurance Specialist
Schemes Compliance Manager
PCI Compliance Manager
PCI DSS Compliance Support Coordinator
Data Security Compliance Officer
IT Risk and Compliance Analyst
Compliance and Security Officer
PCI Compliance & Risk Manager
Senior Security Architect
Governance and Compliance Manager
Head of Product Compliance
Information Security, Risk and Compliance Manager
Team Lead, Card Systems UK and Ireland
Senior IT Risk Manager
PCI DSS Compliance Lead
Senior Cyber Security Analyst
Data Compliance Assistant
Head Of Billing
Information Security Auditor
Senior Security Architect
ICT Audit manager & Data Protection Officer
Head of IT Programme Management & Information Security
Senior Security GRC Expert
Group Data Protection Officer
Information Security Specialist
Cyber Security Assurance Specialist
Information Security Manager
Head of Information and Cyber Security
Information Security Analyst
Senior Information Security Analyst
Senior Risk Manager
Risk & Compliance Director
Director of Customer Data Security
Head of Compliance
Systems Consultant
CISO, Compliance Manager
CISO, Compliance Manager
Payments Compliance Product Owner
Global PCI Compliance lead
Solutions Architect
Program Specialist
Banking & Income Systems Manager
Vice President, EMEA & UK/I for Cyber Hygiene
Information Security Officer
Detective Superintendent Head of Economic Crime
Information Security Analyst
Information Security Officer and Infosec Lead
Director of Finance
Director of Compliance
Senior Compliance Officer - Finance
Head of Compliance, Director and MLRO
Senior Information Security Analyst
GRC Analyst
Data Protection Manager
Fraud & Payments Manager
Senior Special Agent - Global Security
Director of Cyber Security & Compliance
CISO
Head of Audit
Global PCI Lead
Head of Technology
Lead Security Architect
Security Compliance Manager
PCI Compliance Analyst
Senior Security Consultant
Cyber Security Architect
Project Manager
Information Security Risk and Assurance Specialist
IT Manager
PCI Manager
Senior Manager Security Governance & Compliance
Accounting Manager
Global Cybersecurity Lead
Head of IT Audit (Tech & Cyber Security) - UK HUB
Security, Risk and Compliance Director
Group Information Security Officer
Project Manager - Cyber Security
Head of Risk and Compliance
Information Security Analyst
Communications and Product Manager
IT Manager
Senior Analyst Developer

Companies

Royal Society for the Protection of Birds (RSPB)
Sky
Boden
Soho House Group
Just Eat
First Rate Exchange Services
Arete Research
HM Courts & Tribunals Service (HMCTS)
Village Hotel Club
Citigroup
Domino's Pizza
Sky
BBC
Taylor Wimpey
CIMB
Millennium Hotels & Resorts
NatWest Group
Metropolitan Police Service
CashFlows
BP
Feeld
CashFlows
Caravan and Motorhome Club
The Access Group
Persia International Bank plc
Live Nation International
Travis Perkins
Sky
MarkerStudy
Barclaycard
Reed & Mackay
pladis Global
Footasylum
Formula 1
Driver and Vehicle Licensing Agency (DVLA)
Atcore Technology
Currys plc
Live Nation International
Sky
Collinson Group
Ocado
Bupa Global
BT
SSP
WHSmith
SilverRail Technologies
Sky
Anderson Zaks
Greene King
CashFlows
Just Eat
The Appointment Group
Paysafe Group
OVO Group
WHSmith
Tesco Mobile
Atcore Technology
EVO Payments
Standard Chartered Bank
Transport for Greater Manchester (TfGM)
Travelex Holdings
HSS Hire Service Holdings Limited
Reward Gateway
FIS Global
Hutchison 3G UK Ltd t/as Three UK
Vodafone
Zoom Technologies
South Western Railway
Mars
Valero Energy Corporation
Cancer Research UK (CRUK)
Public Health England
Reed Exhibitions
National Trust
Manchester Airports Group (MAG)
Transport for London (TfL)
PCI Security Standards Council
Santander
Imperial Brands Plc
easyJet
Homebase
Paysafe Group
Tate
BT
CertSure
First Rate Exchange Services
Manchester Airports Group (MAG)
Driver and Vehicle Licensing Agency (DVLA)
Cancer Research UK (CRUK)
Paysafe Group
Direct Line Group
Imperial College London
Caravan and Motorhome Club
The Walt Disney Company
Kent County Council
Transport for London (TfL)
John Lewis Partnership
Whitbread PLC
Kindred Group
Airwair International Ltd - Dr Martens
Valero Energy Corporation
Diligenta
Virgin Media
Sky
Taylor Wimpey
Glow Financial Services
Paragon Customer Communications
Amazon Web Services
Publica Group
Azzurri Group
Wise
Quintessentially
Vanquis Bank
Howdens Joinery
London North Eastern Railway
Diligenta
Ocado Technology
Dunelm Group plc
Transaction Network Services
ERGO Travel Insurance Services Ltd
Elavon
Moneyboat
Atcore Technology
Direct Line Group
Direct Line Group
British Airways
The TJX Companies
Parliament UK
PCI Security Standards Council
Oxfordshire County Council
Deutsche Bank Group
Anderson Zaks
Metropolitan Police Service
JD Sports Fashion plc
Specsavers
WSH Group
Starling Bank
King's College
Payabl.
Marie Curie Cancer Care
NEXT
Phoenix Group
FitFlop
American Express
Lumanity
Ted Baker
Waterstones
BP
ClearCourse LLP
BP
Pennon Group
Anglian Water Services
Co-operative Bank plc
The University of Manchester
The Travel Corporation
Hutchison 3G UK Ltd t/as Three UK
Mayflower Theatre Trust LTD
RSA Insurance Group
BT
CertSure
HSBC
BNP Paribas Group
ZEAL Network
Harvey Nichols Group Limited
Sky
Thredd
National Trust
Barclaycard
DorisIT
Royal Holloway University of London

Industries

Charity
Media
Retail
Travel/Leisure/Hospitality
Retail
Banking
Other Industry
Central Government
Travel/Leisure/Hospitality
Banking
Retail
Media
Media
Real Estate
Banking
Travel/Leisure/Hospitality
Banking
Regional Law Enforcement
Security Product Vendor
Oil/Gas
Other Industry
Security Product Vendor
Travel/Leisure/Hospitality
Software
Banking
Travel/Leisure/Hospitality
Construction
Media
Insurance
Banking
Travel/Leisure/Hospitality
Manufacturer
Retail
Automobiles/Parts
Central Government
Travel/Leisure/Hospitality
Retail
Travel/Leisure/Hospitality
Media
Insurance
Transportation/Shipping
Healthcare Services
Telecommunications
Food/Beverage/Tobacco
Retail
Software/Hardware
Media
Banking
Food/Beverage/Tobacco
Security Product Vendor
Retail
Travel/Leisure/Hospitality
Software/Hardware
Electricity
Retail
Telecommunications
Travel/Leisure/Hospitality
Banking
Banking
Transportation/Shipping
Banking
Household/Personal Products
Media
Banking
Telecommunications
Telecommunications
Security Product Reseller
Transportation/Shipping
Food/Beverage/Tobacco
Oil/Gas
Charity
Central Government
Other Industry
Charity
Transportation/Shipping
Transportation/Shipping
Regulator
Banking
Manufacturer
Transportation/Shipping
Household/Personal Products
Software/Hardware
Education
Telecommunications
Construction
Banking
Transportation/Shipping
Central Government
Charity
Software/Hardware
Insurance
Education
Travel/Leisure/Hospitality
Media
Regional Government
Transportation/Shipping
Retail
Travel/Leisure/Hospitality
Casinos/Gaming
Retail
Oil/Gas
Consultancy
Media
Media
Real Estate
Banking
Software
Security Product Vendor
Central Government
Retail
Banking
Travel/Leisure/Hospitality
Banking
Retail
Travel/Leisure/Hospitality
Consultancy
Software
Retail
Software
Insurance
Software
Banking
Travel/Leisure/Hospitality
Insurance
Insurance
Transportation/Shipping
Retail
Central Government
Regulator
Regional Government
Banking
Banking
Regional Law Enforcement
Retail
Retail
Real Estate
Banking
Education
Banking
Charity
Retail
Banking
Retail
Banking
Research
Retail
Retail
Oil/Gas
Software/Hardware
Oil/Gas
Water/Sewage
Water/Sewage
Banking
Education
Travel/Leisure/Hospitality
Telecommunications
Other Industry
Insurance
Telecommunications
Construction
Banking
Banking
Casinos/Gaming
Retail
Media
Banking
Charity
Banking
Education
Education


Venue

Park Plaza Victoria, London

Location:
Park Plaza Victoria
239 Vauxhall Bridge Road, London, UK, SW1V 1EQ
Telephone: 0333 400 6140
