Bluefin’s Chief Innovation Officer, Ruston Miles, attended this week’s PCI Asia-Pacific Community Meeting in Singapore where industry leaders presented an agenda full of the latest in PCI standards and payment security trends.
PCI Singapore’s Keynote Session covered a topic any business worldwide processing credit cards should be concerned about – data breaches. PCI’s International Director, Jeremy King, opened the Singapore event with remarks that set the tone for attendees in a poignant way.
“When it comes to data breaches, you don’t want to get the call that says your organization is the problem. That’s a bad day for everyone,” stated King, adding that Asia-Pacific organizations should all be taking a look at security solutions, like Point-to-Point Encryption, to protect their business from cyber fraud.
The Payment Card Industry (PCI) Security Standards Council is a global forum that develops, maintains and manages the PCI Security Standards, which include the Data Security Standard (DSS), Payment Application Data Security Standard (PA-DSS) and PIN Transaction Security (PTS) Requirements.
The PCI Council’s main goals are to seek, protect and educate industry players such as merchants, processors, financial institutions and any other organizations that store, process and transmit cardholder data around the world. The Council works to educate stakeholders about the PCI Security Standards, operates programs to train and qualify security professionals in assessing and achieving compliance with PCI Security Standards, and promotes awareness of the need for payment data security to the public.
Christopher Novak, Director, Investigative Response, Verizon RISK Team, delivered the keynote speech at PCI’s Singapore meeting. “Industry Forensics: Understanding the Current Data Breach Landscape” took the audience through real-world examples of data breaches and how they have had a lasting impact on their victims and the payment industry community. Attendees learned how to avoid becoming the next victim of a data breach as well as how to quickly identify and mitigate an incident should it happen.
“Merchants should be encrypting and tokenizing card data and using P2PE to devalue the data,” stated Novak at the Singapore event. Novak, who also spoke at PCI’s European Community Meeting in Edinburgh, offered his insights regarding his European session in a recent blog on PCI’s website. Some key takeaways included:
- Data breach threats we are seeing today are not necessarily new, rather they are new twists and variations on past successful breaches.
- One relatively new technical trend would be the uptick in malware that is memory resident (cannot be detected by anti-virus or file monitoring).
- Small businesses face many of the same threats that hit larger businesses, so it is important for any business to have all requirements by PCI DSS in place.
- Cybercrime activity is happening to organizations across all industries, geographies and to victims of all sizes – no one or no industry is immune and all remain vulnerable.
“If you take your security seriously – I mean really be passionate about it and get others to be passionate about it – then it will have a measurable positive impact on your organization in many ways. Your security approach should be evidenced-based, demonstrable, and weaved into the fabric of your business in order to be truly successful.” – Christopher Novak
Reflecting on 10 years
To mark its 10-year anniversary as well as PCI’s mission to foster secure transactions globally, the PCI Council has presented a session at each of the 2016 community events – Reflecting on Ten Years of PCI Standards: Building the Payment Security of Tomorrow by Learning from Our Past – which details the changes in payment security and PCI Standards over the past ten years and how they will help shape our payment security future.
PCI’s Chief Technology Officer, Troy Leach, was on hand in Singapore to deliver this session, emphasizing how PCI Standards have evolved to protect the next generation of payments as cyber threats have emerged – changing the way payments are conducted.
“When the PCI Council first started 10 years ago, we had the goal to establish the first aligned global standard for payment card data security and create awareness of growing attacks. Today, that challenge has become more complex as innovation has provided a wealth of new opportunities to use and accept payments,” said PCI Security Standards Council Chief Technology Officer Troy Leach in September. “That innovation is also occurring in how we protect payment transactions, and the next 10 years will likely look very different. With dynamic data and dynamic authentication, we are moving away from any value to the data to eliminate the financial incentive for a criminal, as seen in the evolution of our more recent standards.”
In PCI’s community meetings around the world, there is emphasis on key advancements in payment security that have received global collaboration, which include PCI-validated Point-to-Point Encryption (P2PE). The PCI P2PE Standard provides solutions that minimize the exposure of card data and simplify security and compliance efforts for businesses, devaluing data and reducing PCI DSS responsibilities.
At PCI’s North American Community Meeting this past September, Bluefin’s Chief of Innovation, Ruston Miles, was on hand to co-present with PCI DSS on ways that P2PE is gaining traction among organizations.
Miles was also in attendance in Singapore, and is coming back to the States with further confirmation that the P2PE market is growing steadily, and globally, with an increased pace of adoption.
“As Stephen Orfei, General Manager of PCI, confirmed in Singapore, P2PE is becoming more widely accepted as the security solution organizations can adopt, preventing data breaches from occurring,” said Miles. “There are currently 25 listed P2PE Solutions, 52 listed P2PE Applications, and 4 listed P2PE Components, all of which work to reduce risk and PCI scope, ultimately reducing costs while keeping valuable card data safe and secure.”