Version 2.0 of the Payment Card Industry Data Security Standard is in effect, and already thought-leaders are reviewing emerging technologies and payment card security trends with an eye toward how they may impact PCI's future.
Meanwhile, the single biggest question on the minds of merchants, processors and service providers today is: How do I get - and stay - PCI compliant?
This panel will answer that question with an eye toward PCI's future, exploring:
PCI's global influence on smaller merchants and service providers with limited IT resources and lack of security expertise;
The role of emerging technologies such as encryption and tokenization;
Tips and tricks to make a PCI compliance program a success.
The Payment Card Industry Data Security Standard is a comprehensive standard intended to help organizations proactively protect customer account data. In 2004, the PCI standard was created as a result of a cooperative effort between Visa/MC, AMEX, Discover, Diners and JCB.
Before PCI was created, credit card merchants had individual means for organizations to secure customer data. Organizations were forced to perform similar audit reviews for each type of merchant card.
PCI is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.
Version 1.0 of the PCI standard was released in Dec. 2004. It subsequently was updated in 2006, 2008 and 2009. Version 2.0 of the PCI standard was announced in late 2010 and went into effect in Jan. 2011.
In November of 2008, payments processor RBS WorldPay was hacked, and fraudsters gained access to as many as 1.5 million consumer accounts.
Then, on Inauguration Day 2009, Heartland Payment Systems (HPY) disclosed that it had been breached, exposing an estimated 130 million credit and debit card holders to potential fraud in what is the largest data compromise ever reported.
Heartland maintained it was PCI compliant. But Visa subsequently removed Heartland and RBS WorldPay from its list of PCI compliant vendors until they could be re-assessed for compliance. Visa's public stance: "We've never seen anyone who was breached that was PCI compliant."
The RBS WorldPay and Heartland security breaches raised serious questions about organizations that achieve PCI compliance but still suffer such incidents: How does one attain and sustain PCI compliance?
This question will be explored in this panel discussion, as will:
What is in scope and out of scope in terms of PCI compliance?
How can Managed File Transfer help companies achieve PCI compliance?
How can PCI compliance help an organization consolidate its data security tools?
Andre Bakken is Director of Product Management of Ipswitch's Level 5 Products. His secured and encrypted Managed File Transfer applications have helped companies comply with PCI for more than four years. Mr. Bakken is responsible for the roadmap, strategy and requirements for Ipswitch's enterprise-class applications.
Before joining Ipswitch, Mr. Bakken was Director of Product Management for secured Managed File Transfer products at Axway and Tumbleweed. Mr. Bakken comes to Ipswitch with over 16 years of successful product management and product marketing experience at secured, enterprise-class and consumer companies like Macrovision, Alphablox, Hyperion and Microsoft (Great Plains Software). Mr. Bakken holds a bachelor's degree in computer engineering from the University of Arizona.
Research Vice President, Gartner GTP Security and Risk Management Strategies
As Research VP at Gartner, Chuvakin specializes in projects involving data loss prevention, threat intelligence, vulnerability assessment and vulnerability management, security monitoring of public cloud assets, network forensics and denial of service (DoS/DDoS) protection. Before joining Gartner, his job responsibilities included security product management, research, competitive analysis, PCI-DSS compliance and SIEM development and implementation. He is the author of two books, "Security Warrior" and "PCI Compliance," and was a contributor to other industry resources, including "Know Your Enemy II" and "Information Security Management Handbook."
Field is responsible for all of ISMG's 28 global media properties and its team of journalists. He also helped to develop and lead ISMG's award-winning summit series that has brought together security practitioners and industry influencers from around the world, as well as ISMG's series of exclusive executive roundtables.