Key Aspects of the Upcoming PCI Community Meeting
The New Milestones on the Horizon
The recent European edition of the PCI Community Meeting shed light on significant events in the world of security. The coming year holds substantial changes, with the Digital Operational Resilience Act (DORA) set to take effect on January 1, 2025. Moreover, 40 PCI DSS v4.0 security requirements that were previously not mandatory will become obligatory on March 31, 2025.
Short-Term Objectives
- DORA Implementation: As of January 2025, DORA aims to strengthen operational resilience and cybersecurity within the financial sector. The regulation covers critical aspects such as risk management, incident notification, operational resilience testing, and third-party risk management. Since PCI DSS already addresses these areas, adherence to the corresponding PCI DSS requirements will facilitate compliance with DORA.
- Protection Against Phishing Attacks: A 1000% increase in phishing attacks since 2022 makes it necessary to train teams to detect, react to, and report potential phishing and social engineering attacks.
- Web Script Security: Because attackers abuse legitimate web scripts to load malicious ones, PCI DSS will require maintaining an inventory of the web scripts on payment pages and conducting periodic tests to detect and prevent unauthorized actions.
- Multi-Factor Authentication: To minimize the risk of unauthorized access, multi-factor authentication will be mandatory for all users accessing the cardholder data environment, whether directly or indirectly.
- Risk Analysis: Conducting a targeted risk analysis gives in-depth knowledge of the environment and its potential threats. This assessment helps identify system components, sensitive data, and threats, and is used to establish how frequently their integrity must be verified.
Beyond 2025: Future Developments
The PCI Community Meeting addressed various aspects that will influence the financial world in the medium to long term.
- Artificial Intelligence: Although Artificial Intelligence was not the primary focus, its importance in the short and medium term within the financial sector was highlighted. Virtually all market tools incorporate this technology, and PCI DSS is being prepared to ensure its secure and standard-compliant use.
- MPoC Standard Renewal: The MPoC standard, which regulates payments accepted on mobile devices, is expected to be renewed next year. This update is likely to drive the adoption of mobile payments among merchants, allowing them to manage payments securely through their own devices.
The convergence of the PCI Community Meeting's agenda and the upcoming DORA regulation underlines the need to adapt to the evolving landscape of security and payment methods.
Conclusions and Future Directions
The role of security in the financial sector, led by PCI DSS, is imperative. Necomplus, backed by over 30 years of experience in the payment industry, offers a specialist team to guide and implement these regulations in any project.
The upcoming European meeting in Amsterdam in 2025 will provide valuable insights into how the world of payment methods has adapted to PCI DSS v4.0, implemented DORA, and confronted new challenges.