Four Insights from Day 1 of the PCI NACM
The 2023 North America Community Meeting convened in Portland, OR, this week, bringing together thousands of payment security experts from across the globe. The three-day program is packed with dozens of presentations and panel discussions covering a broad range of payment security topics.
The following are just a few of the takeaways from the first day of the conference.
Security is a Journey, Not a Destination
Lance Johnson, Executive Director of PCI SSC, reminded the audience that proper security requires ongoing vigilance. As payment technology evolves and new attack vectors emerge, the Council relies on industry feedback and insights to help keep global payment data secure. In reaction to industry shifts, the Council recently updated its Participation Program to enable broader industry participation. Learn more here: New Opportunities for Collaboration with the Council
Resources Abound to Help the Industry Understand PCI DSS v4.0
The Council presented a series of discussions focused on common industry questions to help the industry understand PCI DSS v4.0, the latest version of the standard. With the March 2024 retirement of PCI DSS v3.2.1, the transition is top of mind in the payment security industry.
Council-created PCI DSS v4.0 resources that were highlighted on stage included:
AI Technology Provides Both Opportunities and Risks to Payment Security
There are both opportunities and risks when considering AI’s role in payment security. While AI provides opportunities to automate mundane tasks, overreliance can lead to issues: organizations may become overly reliant on AI for payments, leaving little room for human judgment and intuition. AI tools can also produce biased results based on the data they were trained on. Be aware of this potential bias and take it into account when interpreting the output. The more you understand about how an AI tool works, the better you can evaluate its reliability.
Breached Card Data is Trending Downward
A Verizon survey shows that since 2018, payment card data has featured less and less in data breaches. Effective security controls – such as those defined in PCI DSS v4.0 – are helping organizations keep their payment data secure. However, organizations are still being attacked, so vigilance is crucial. As new payment technologies emerge and as criminals find new ways to steal data, it’s the role of the Council – in close partnership with the payments industry – to develop and evolve standards to keep pace with criminal activity.