Top Sessions at the 2024 PCI SSC North America Community Meeting

September 5th, 2024 | By Jscrambler | 6 min read

On September 10-12, 2024, Boston will host the annual PCI SSC 2024 North America Community Meeting. The PCI SSC (Payment Card Industry Security Standards Council) North America Community Meeting is an annual event that gathers payment industry stakeholders, including merchants, service providers, financial institutions, assessors, and vendors, to discuss and share insights on payment security. The 2024 meeting will focus on the latest developments in PCI security standards, emerging threats, and best practices for compliance.

The event typically includes keynote presentations, breakout sessions, and networking opportunities, providing attendees with a platform to learn about the latest updates to PCI DSS (Data Security Standard) and other PCI standards, as well as to collaborate on improving security practices across the payment ecosystem. It serves as a forum for engaging with peers, sharing experiences, and staying informed about the evolving landscape of payment security and compliance.

Many QSA and PCI SSC professionals will share their insights on PCI DSS v4 compliance, payment security, and best practices when it comes to achieving compliance.

This article shares the key takeaways Jscrambler gathered from the most interesting sessions at the event in Boston. A common theme across the upcoming sessions led by QSAs and PCI SSC professionals is reducing payment risk efficiently, along with different approaches to achieving that efficiency while ensuring compliance. If you’re visiting the Community Meeting this year, make sure to check out these sessions.


Adam Perella

Technical Director at Schellman Compliance LLC

Session info

Topic: Navigating Security Through Relationships

Date: Wednesday, September 11

Key takeaway
“The key takeaway is how valuable trust and clear communications are for a merchant, service provider, and QSA. Our talk will address our relationships and how candid discussions shape a more functional and secure environment.”


Jeff Man

Trusted Advisor, PCI QSA, Online Business Systems

Session info

Topic: 6.4.3 & 11.6.1: Do You Understand Website Scoping

Date: Wednesday, September 11

Key takeaway

“We want to provide some technical insights on modern web application architectures and how and where the new requirements 6.4.3 and 11.6.1 will need to be enforced. Many merchants accustomed to effectively “outsourcing” the responsibility of their eCommerce sites to third-party payment processors (e.g. qualifying for SAQ A) may be taking on more responsibility for their website whether they know it or not. Our takeaway will be for merchants to go back and evaluate their eCommerce sites and properly determine the scope and subsequent applicability of the new requirements.”


Chad Leedy

Head of Strategic Accounts at ControlCase

Session info

Topic: The Future of PCI Assessments: Utilizing AI and Technology For Efficiency - Current State of the Market

Date: Thursday, September 12

Key takeaway

ControlCase will address the challenges and opportunities in utilizing AI and technology for security assessments. As technology footprints expand and security standards become more complex, the number of IT resources remains stagnant or decreases. AI can help offset limited resources by saving time in document review and providing expert recommendations. For security assessments, AI improves efficiency by enabling faster evidence reviews, allowing parallel processing, and facilitating collaboration without resource limitations. In the future, AI and technology are expected to play a larger role in enhancing security assessment processes.


Mr. Kerry Steele

CISSP, CISA, CCSP, CDPSE, ISSAP, QSA, Principal Consultant, Coalfire Systems, Inc

Session info

Topic: Leveraging Micro-Segmentation, SPIFFE-based Identity Networking, and Immutable Infrastructure to Streamline PCI DSS v4.0 Compliance

Date: Wednesday, September 11

Key takeaway

The key takeaways from Kerry Steele’s presentation include the following 3 points:

- Zero Trust Architecture is a powerful framework for strengthening payment security and aligns closely with the requirements of PCI DSS 4.0.
- The path to zero trust is a journey, but the benefits are significant.
- Organizations can enhance security, limit PCI DSS scope, reduce risk, and streamline their compliance efforts by adopting Zero Trust Architecture for payment systems with modern network security controls like service mesh with micro-segmentation and identity-based micro-segmentation.


Jeremy King

Regional VP, EMEA, PCI Security Standards Council

Session info

Topic: Global Updates: Payment Trends and Threats

Date: Thursday, September 12

Key takeaway

“Globally, payments are changing faster than ever. To keep payments secure, it’s more important than ever to stay ahead of emerging threats. Join me at the PCI SSC North America Community Meeting, 8-10 September, to hear all about “Global Updates: Payment Trends and Threats” and learn more about why your engagement matters.”


Conclusion

Each session underscores the need for methods that can reduce risk and achieve PCI DSS compliance in the most efficient manner possible. The ways to achieve this are many, including fostering trust and communication, reevaluating website scopes under new requirements, leveraging AI for efficiency, or adopting Zero Trust Architecture. These insights highlight the necessity for organizations to stay ahead of the curve by integrating new technologies, reassessing their responsibilities, and enhancing security frameworks.


The Jscrambler team is looking forward to participating in the PCI 2024 North America Community Meeting and tuning into all these sessions and more. Meet our team at Booth #19 as we also discuss strategies to achieve compliance efficiently. Please sign up here to network with Jscrambler and other PCI SSC NA Community Meeting attendees at the Sólás Irish Pub at the Lenox Hotel.
