The following is a short summary of the first day in Nice from Magnus Andersson, VP Business Development at 24 Solutions.
To respond to fast developments, the Council has moved its focus from “compliance” to “risk-based decision making.” It has appointed an internal task force to look at what this requires. The idea is that the entire chain in an ecosystem that handles card payment data needs to undergo an in-depth risk assessment, and that adjustments need to be made continuously to address new risks as they arise. The PCI DSS framework is being updated with the new
The PCI SSC has increased collaboration with, for example, the FBI, Secret Service, CIA, EUROPOL, etc. to capture cybercrime developments. It also has an ongoing dialogue with the European Central Bank (ECB) and other similar organizations. An advisory board of 28 members from different banks, software manufacturers, traders and other parties that handle cardholder data and security has been created. All of this is to ensure that PCI DSS regulations move in the right direction and that security is improved.
As we have recently seen, requirements are updated more often, and this will continue. Requirements are also more detailed, e.g., around encryption and monitoring, to address emerging threats. The plan is to release more white papers, guidelines and references on how to use, build and manage systems that handle card data, to create good standards with high security.