18th PCI London, 24 January 2019, London, UK
The challenge of compliance in an era of constant change
"PCI compliance standards are slipping across global businesses and this simply can’t continue. Consumers and suppliers alike trust brands to secure their payment data, so we must act now to remedy this state of affairs. We urge businesses to reassess their measurement methodologies for PCI control effectiveness, and to concentrate on managing the sustainability of their data protection ... There is a clear link between PCI DSS compliance and an organization's ability to defend itself against cyberattacks," Rodolphe Simonetti, Global Managing Director for Security Consulting, Verizon
After documenting improvements in the overall level of PCI DSS compliance for several years in a row, Verizon’s 2018 Payment Security Report has revealed a decline in organizations' level of full PCI DSS compliance for the first time. In the 2018 report, 52.5 percent of organizations were compliant with PCI DSS, down from the 55.4 percent reported last year.
Things can look even worse at a sector level: according to a recent SecurityScorecard report of more than 1,500 domains, "over 90 percent of the retail domains analysed indicated non-compliance with PCI DSS standards."
And recent events in the UK have shown us that, for a variety of reasons, even large, highly regulated companies fail annual compliance, and many have never complied at all.
So why is compliance falling? Is it because compliance teams are de-prioritising PCI in favour of broader but mandatory privacy and security requirements? Or is the answer more to do with digital transformation than any shift in the compliance mindset?
For any company that has achieved even a moderate level of business complexity, PCI compliance would be hard enough in a static environment. But the environment is anything but static. Digitalisation is constantly moving the goalposts for compliance teams as the underlying business struggles to cope with changing customer demands, revolutions in payment channels and other technology.
And that is before taking into account broader trends such as Cloud, IT outsourcing, the problem of integrating acquisitions and the continuing development of the regulatory environment.
In this environment of shifting requirements and moving goalposts, this 18th edition of PCI London will help answer the questions:
How can PCI compliance professionals keep up with digitalisation and other broad technology trends?
Which technology issues present the most significant obstacles to compliance and what are the potential solutions?
How can they maintain compliance cost-effectively?
What are the priorities in PCI DSS and what are the main hurdles in implementing them?
What technology solutions overcome the key pain points?
How can compliance professionals demonstrate the added value of full compliance to management and the business?
The PCI DSS standard has been around since 2004. Compliance has always been a moving target, but it is clearly getting harder. This 18th edition of PCI London will help you chart a path through this new environment.
See you on January 24.