Press Release

Cyber Security Leaders Emphasize Payment Security and Cooperation

Cyber Security Experts and Policymakers come together at the non-partisan Payment Card Industry (PCI) Security Standards Council “Breaches & BBQ” to address Payment Security Threats

Washington, D.C., 14 May 2019 – The PCI Security Standards Council (PCI SSC) hosted a non-partisan “Breaches & BBQ” event on Capital Hill drawing an impressive crowd of Democrats and Republicans to talk about payment card fraud and the best practices to improve data security in the payments industry.  The event featured cyber security experts from the PCI SSC, Verizon and the U.S. Secret Service who discussed how payment card information is stolen and how companies get breached.

“As the payments industry continues to evolve and change at a record pace, it is more important than ever to have cooperation and education with all stakeholders,” said Lance J. Johnson, Executive Director of the PCI SSC.  “Fraudsters who steal payment card information do not care what political party you belong to.  Government and the private sector must work together to fight this global battle.  Today was about continuing our ongoing dialogue with policy makers.”

The speakers highlighted the current and emerging threat landscape in the world of payment card security.  Chris Novak, Global Director, Threat Research Advisory Center at Verizon Enterprise Solutions, highlighted that many successful cyber attacks are entirely preventable with the right kind of security in place.  “We see time and time again, successful attacks that are the direct result of careless cyber security practices like weak passwords or poor patching.  Greater education and training can go a long way in preventing these attacks in the future.”

PCI SSC Chief Technology Officer Troy Leach emphasized the importance of people, processes and technology as part of a comprehensive approach to prioritizing payment security.  “There is no one magic solution to prevent cyberattacks,” said Leach.  “Payment security must include a prioritized combination of well-trained people, processes to watch for and address problems, and the use of modern technology that can help defend against hackers.”

Key focus areas at the PCI SSC Breaches & BBQ event included:

  • People:  In the U.S. and around the world there is a shortage of cybersecurity professionals.  Cybersecurity training and smart third-party management is essential to guard against attacks and establish a strong security program.   
  • Processes: Putting in place processes that allow a company to better understand their payment environment and test their own security controls is critical to understanding risk and developing solutions.
  • Technology: Migrating away from older technology and utilizing cutting edge solutions such as point-to-point encryption can eliminate lot of risk.  Improving security around mobile devices is a current and growing priority.

“Education on newer threats to payments and solutions to mitigate those risks must also be part of a continuous process.” Leach continued.  “Payment data has changed drastically in recent years as we’ve significantly reduced the value to criminals.  Those developing data security programs in other industries or environments should be aware of the unique opportunities happening in the payment industry.”

About the PCI Security Standards Council
The PCI Security Standards Council (PCI SSC) leads a global, cross-industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent cyberattacks and breaches. Connect with the PCI SSC on LinkedIn. Join the conversation on Twitter @PCISSC. Subscribe to the PCI Perspectives Blog.