Thu Jan 21 GMT - Fri Jan 21 GMT
Securing online business and the online payments ecosystem has never been more important - so why are standards slipping?
It’s a cliché of our pandemic era that businesses must digitalise or die. It’s less often explained what this means in practice. But attacks like the one on Garmin, the recent hack of Germany's state-owned vehicle fleet, which provides chauffeurs for parliamentarians and is run by the Bundeswehr military, and February’s DDoS attack (the largest in history) on AWS, illustrate that ‘going digital’ is seriously concrete.
It’s taking orders or bookings for your product or service online or via mobile; it’s accepting payments and providing refunds over the same channels; it’s collecting data that sits in digital shops; it’s developing digital services around even physical products and charging for them online via recurring subscriptions. Even the humble pizza merchant now takes all their orders via app, so a DDoS attack shuts down a physical food company and a breach of payment data pushes customers made disloyal by hunger to more reliable offerings.
All the while, the Magecart group is coming up with new skimming techniques to steal payment card data from the e-commerce sites of small and midsized businesses; other fraudsters have figured out how to use the Telegram app as a fast and easy way to steal payment card data from e-commerce sites; and larger companies are putting data at risk with flawed public cloud migrations, as demonstrated by the $80 million fine recently imposed on Capital One by the US OCC for last year’s card data breach.
Into this mêlée comes PCI DSS 4.0 at some point in 2021. What exactly will it look like? Are people waiting for what they hope will be a major revamp that takes the practical realities of the digital revolution into account? Is that why compliance with the current standard is dropping so fast? Or has the need to digitalise created a mass of new firms who should be compliant but who have just not had time yet? Survive first, comply later?
In this new environment, cybersecurity and compliance professionals are facing a host of new threats - both external, from threat actors looking to capitalise on the chaos, and internal, as fast-paced business change and distracted professionals put security and compliance at risk of being overlooked.
With COVID-19 having necessitated a shift to digital business channels, payment security and risk are more critical than ever. Discussing the challenges with your peers in a confidential environment, and hearing about how they're handling the situation, is a great way to gather insights and inspiration for keeping your organisation and its clients secure.
AKJ Associates has 20 years’ experience in delivering the best in cybersecurity content to the most discerning professionals, and we have received excellent feedback on our virtual events, which have maintained our high standard of content and networking.
International Director - Europe, PCI Security Standards Council
Director, Industry Standards, Mastercard
CISO, PCI Pal
Information Security, Risk & Compliance Manager, Dr. Martens
Senior Sales Engineer, Tripwire
Information Security Lead, Skyscanner
Chief Revenue Officer, Semafone
PCI DSS Advisory for Cloud Services and Contact Centres (QSA), BT
VP Sales & Marketing, DataDivider Inc
Card Payments and PCI DSS Subject Matter Expert, Kilrush Consultancy Ltd
GRC Consulting Director, OneTrust
Information Security Transformation Strategist
Chief Technical Evangelist, Onapsis Inc
Risk Advisory Practice Director, SureCloud
Director - Information Security, ATCORE Technology Ltd
Head of Product, Eckoh
PCI Compliance Manager, Retail Organisations
Managing Editor, AKJ Associates Ltd
GCRS Director, SecureTrust
• OneTrust GRC
• PCI Pal
• Silver Lining