24th PCI London
25th January 2023 • Park Plaza Victoria, London, UK
A new template for a changing world
PCI DSS 4.0 is not simply an upgrade to a standard dedicated to securing a few digits of a PAN. It places new emphases on risk analysis and organizational governance; it has huge implications for client-side security and contains brand new requirements related to how businesses identify, inventory, and manage scripts operating in web browsers that collect payment information.
Compliance activities are no longer limited to once annually, but are now required continuously. Organizations will also be required to produce more security documentation. And regular QSA assessments will place PCI 4.0 activities under added scrutiny.
Requirement 6.4.1 notes that for public-facing web applications, new threats and vulnerabilities are addressed on an ongoing basis and these applications are protected from known attacks.
Requirement 6.4.3 specifies, amongst other things, that an inventory of scripts must be maintained with written justification as to why each script is necessary, and a method must be implemented to assure the integrity of each script.
Requirements 12 and 13 expand the compliance scope and make compliance continuous, instead of just single snapshots in time. They also require merchants and service providers to conduct, at minimum, annual reviews of hardware and software technologies in use, including plans for remediation for outdated technologies.
These selections from the new standard show that PCI DSS 4.0, if followed, delivers far more than simple compliance on a limited set of payment data. It provides the foundation for securing a modern business in a digital, ecommerce-driven world.
But to achieve compliance, firms will need to change their mindset. The customized approach, enhanced validation methods and procedures, and some other elements of the new standard are new, and some are not supported in current QSA validation methods.
Join us in London on 25th January to learn from our mix of technical presentations, case studies and interactive panels, as well as to meet old friends and colleagues and make new contacts. And join us for a drink afterwards.