Notes from the Jan 2016 PCI Conference

Published: 10 February 2016

Andy Harris, January 2016 PCI Conference Notes

By Andy Harris

Notes from the Conference

The PCI DSS 3.0 theme was as strong as usual with all the reminders that outsourcing doesn't mean outsourcing responsibility for personally identifiable data.

There was more of an examination of the relationship between merchants and their outsourced payments providers. This was reflected in the visits we had to our stand, at this conference more delegates were interested in Third Party Access solutions. During the sessions we had several visits from other vendors asking how we could make their access to customers quicker, more secure and fully compliant.

We listened to an interesting presentation from some Pen testers that revealed that native applications were much more easy to crack than client/server applications, it was mentioned that native apps held credentials in memory and often cached them to file so that users need not remember them. That 'usability' is a serious security flaw that attackers will exploit!

The end-user presentations are a highlight of the PCI conference, it seems a common theme these days that working on security and compliance brings a business clarity that translates into efficient operations and increased profit. The process of analysis of where the core assets lie and how they should be protected helps to reveal inefficient insecure processes. These get fixed, and the business is in better shape.

Release Date: 
Wednesday, 10 February 2016
Article Type: 
Blog Post
Andy Harris