Preparing for Better Payment Card Security With PCI DSS 4.0
Jeremy King of PCI Security Standards Council to Speak at ISMG's London Virtual Summit
The council is preparing a major update to the Payment Card Industry Data Security Standard, or PCI DSS, and is adding to its Software Security Framework, which is designed to better protect payment card data.
"Payments are changing ever rapidly. And it's really important that our programs change as well," says King, the international director of the council. "PCI standards did not stop evolving even during the COVID crisis. Instead, we came up with a new standard called the Software Security Framework."
King will speak about new PCI standards, the state of payment card security, the challenges of working remotely and other issues at Information Security Media Group's Virtual Cybersecurity and Fraud Summit: London on Oct. 20.
The PCI Security Standards Council is preparing to complete version 4.0 of the PCI Data Security Standard. The main document supporting PCI DSS 4.0 is expected to be ready by the middle of 2021, with supporting documents ready for publishing in 2022, King says.
The new standard will address issues ranging from encrypting cardholder data on trusted networks to expanding the use of authentication to align with standards developed by the U.S. National Institute of Science and Technology.
ISMG London Summit
In addition to King, the ISMG London virtual summit, which is free to attend, will feature a long list of other experts sharing insights and in-depth analysis on the cybersecurity challenges posed by the COVID-19 pandemic and how enterprises are planning to support a remote workforce that will likely stretch into 2021 and beyond.
Other featured speakers will include Jonathan Armstrong, attorney and partner at Cordery, who will speak on legal and compliance issues for European enterprises; Bobby Ford, CISO at Unilever, who will speak on cybersecurity prioritization in 2021; and Randy Trzeciak, the director of the CERT Insider Threat Center at Carnegie Mellon University, who will address issues of payment card fraud and insider threats.
Keeping Payments Secure
King points out that the Software Security Framework, which was introduced in 2019, has since been updated to meet the challenges that came with securing payment data during the pandemic.
The framework is a collection of related software security standards and associated validation and listing programs that the industry can use to help improve payment card security.
Because software now changes so rapidly, the council also is looking to create standards and guidelines that can keep up with the pace of change.
"This really expands beyond PCI DSS because we know that software is changing and software now is only developed for a short period of time," King says. "When I first started, software would not change for over a year. Now, it barely gets used for a weekend, so we need to know that our security standards are up for this."