The PCI Security Standards Council (SSC), which drafts many payment card industry security standards, meets annually in Europe, Asia-Pacific and North America to share new standards, gather feedback from the community, and discuss the burning issues of the day. Security professionals who have to comply with PCI standards need to stay abreast of these updates.
What follows is a summary of key points from those meetings that are relevant to the security community, including point-to-point encryption (P2PE), encryption in the cloud, and small business compliance.
Encryption is still key, but not always implemented
I was happy to see that data devaluation, including encryption and tokenization, was front and center in the keynote address at the Vegas and London meetings. Criminals have been rather busy over the past couple of years, as 2.6 billion data records were compromised in 2017 alone, according to Gemalto’s Breach Level Index.
Fewer than 4 percent of breaches had some sort of data devaluation in place, such as encryption. Said another way, 96 percent of breaches had no encryption in place at all. If it has value, devalue it. If it’s important to you, encrypt it!