
PCI London 2024 in review: attendees span different stages of the PCI journey

February 14th, 2024 | By Jscrambler | 7 min read

As mandatory compliance with the new PCI DSS v4.0 standard is quickly approaching, industry professionals continue to gather at events like PCI London 2024 to understand the new requirements, exchange insights, and strategize on ways to navigate the complex challenges of securing payment card data.

Jscrambler’s team was present (again) at the event, working with attendees to advance their PCI journey.

After many conversations, demos, and sessions, a key takeaway from the event was that attendees continue to span different stages of their journey, falling into three different categories:

- Category 1: Those looking to learn about PCI v4.0 generally.
- Category 2: Those looking for expert guidance on new requirements.
- Category 3: Those searching for technology to solve their specific needs.


PCI London 2024: general networking and research on PCI v4.0


PCI London 2024 reaffirmed the critical importance of providing a venue to educate PCI professionals beginning to research new requirements within PCI DSS v4.0.

As we approach the effective date for the implementation, having a clear view of its timeline is crucial. Attendees in this stage of their journey found the event useful for networking with companies that could help them fully understand what the new version entails and when to start preparing.


Given that v3.2.1 is retiring this year, Jscrambler found that the most valuable help for these attendees was guiding them through a contextual timeline for meeting the v4.0 deadline.


As of 31 March 2024, PCI DSS v3.2.1 will be retired and v4.0 will become the only active version of the standard. The deadline for compliance with 13 broad new requirements in the first phase of PCI DSS 4.0 is March 31, 2024. The implementation deadline for a second phase, comprising 51 requirements, follows a year later.


To meet the March 2025 deadline, companies will need to start within the next few months to properly research, test, procure, and implement the required technology to ultimately comply with the new requirements.


Seeking compliance verification of new requirements


The second group of PCI London attendees were further along their PCI DSS v4.0 journey, seeking guidance specifically on new requirements within PCI DSS v4.0.


Their main questions revolved around whether their business needed to comply with new PCI requirements 6.4.3 and 11.6.1 and what they needed to do to prepare.  


John Elliott, Security Advisor at Jscrambler, delivered a keynote presentation on the effective management of JavaScript within e-commerce settings. He highlighted the importance of establishing internal protocols to adapt to evolving requirements, such as the new requirements 6.4.3 and 11.6.1. By emphasizing the necessity for companies to manage their operations proactively, John Elliott shed light on crucial considerations and potential blind spots that require attention. There isn’t a one-size-fits-all solution for every organization or every script.


In urgent need of a solution for Requirements 6.4.3 and 11.6.1


The agenda of PCI London 2024 was indeed dominated by the words transition and timeline, accompanied by best practices sessions, making sure everyone from vendors to merchants, QSAs, and PSPs was informed and educated on the urgency to act.


The third group of attendees moved beyond requirements education to seeking solutions to meet requirements 6.4.3 and 11.6.1, emphasizing their paramount importance in ensuring robust security measures. Requirement 6.4.3 involves maintaining an inventory of all scripts running on payment pages and providing written justification for the necessity of each script.

The pursuit of compliance with requirement 11.6.1, which focuses on a mechanism to detect and alert personnel to unauthorized modification to payment page content, was equally fervent. Attendees were eager to meet and select technology vendors that would help them avoid financial penalties and that provided a maximum level of security.

Jscrambler spent time offering a comprehensive approach to addressing these compliance requirements and beyond. Demonstrating a deep understanding of the intricacies involved, Jscrambler showcased how its platform could specifically enable compliance with 6.4.3 and 11.6.1. However, what truly set Jscrambler apart was its ability to offer solutions that surpassed mere compliance, offering fine-grained control over scripts to prevent data leakage while simultaneously empowering businesses to operate seamlessly.




Urgent need to select technology to comply with PCI v4.0


There’s a visible sense of urgency that seems to be the new normal, ever since the PCI SSC Europe Community Meeting that took place in Dublin this past October.

Companies are still looking, and the main challenges that vendors are addressing center on the transition to the new requirements and on recommendations for what to focus on over the next 6 to 9 months. There’s urgency in choosing the best technology to become compliant with PCI DSS v4.0.


AI is an important factor in PCI DSS compliance


According to the Jscrambler team members present at the event, there was a noticeable and clear emphasis on the theme of innovation and adoption of new technology (e.g. AI) with a focus on good security practices, with compliance being a consequence of this exercise.


Jscrambler can help you transition to PCI DSS v4.0


Schedule time with a Jscrambler specialist to see a demo that will solve your business needs.

Jscrambler's PCI DSS v4.0 tool helps merchants achieve compliance with requirements 6.4.3 and 11.6.1 and helps QSAs validate this compliance.
