On January 1, 2014, the substantially updated Version 3.0 of the PCI Security Standards Council's PCI DSS standard (released November 2013) went into effect. However, the previous version would remain effective in parallel until December 31, 2014, so that affected organizations have enough time to come into compliance. The PCI DSS standard applies to all entities that store, process, or transmit cardholder data – whether electronically or manually.
A major change in this revision is greater flexibility in the compliance process. It also places increased focus on technical and non-technical factors such as security awareness and security as a shared responsibility. The revision is based on market feedback received by the Council, which highlighted key issues faced by organizations in complying with previous versions – particularly with respect to security education, passwords and authentication, third-party security, self-detection and response to malware and other threats, and consistency in performing risk assessments.
In this live webinar, expert speaker Tom Wills will explain:
What has changed in the new version?
Who is affected, and how?
The difference between strict compliance and effective risk management
Strategies to bring your own organization into compliance with Version 3.0, and keep it there
Attendees will gain an enhanced understanding of how to manage their organizations’ PCI DSS compliance programs in light of the new revision to the standard, as well as the continually evolving security and fraud threat landscape.
Changes in the real-world threat landscape that are driving the new requirements
Moving past passwords: the danger in using out-of-date user authentication methods
The value of tokenization for keeping sensitive data out of criminal hands
Using data analytics to improve your threat detection and response capabilities
The human touch: how technical security controls alone are no longer adequate
How compliance and security are never the same thing
How to avoid being another “Target”
Who Should Attend
This session will be of most interest to staff and consultants at payment service providers, financial institutions, and retailers with responsibility for product/service delivery, fraud mitigation, or information systems (security, audit, or overall management). Vendors, regulators, and industry analysts may also find the session to be of interest.
Attendee titles may include (but are not limited to): Analyst, Manager, Director, or VP of: Product Management, Operations, Information Systems, Risk Management, Audit, Fraud, or Security.
Tom Wills is an expert in identity, security, fraud, and compliance for financial services and other critical infrastructure industries. Three decades of global experience as a product developer, security and fraud executive, startup entrepreneur, and industry analyst have given him unique insights ...