Tim Critchley – Chief Executive Officer
What better place to celebrate the PCI Security Standards Council’s (PCI SSC) 10th anniversary than under the bright lights of Las Vegas. Semafone were centre stage at the annual PCI North America Community Meeting at The Mirage, a Polynesian-themed resort and casino right on the Vegas strip. With more than 1,400 attendees, it was the organisation’s most successful event to date, bringing together council staff, partners and industry experts to share best practices and discuss the latest industry trends and emerging security technologies. It was great to see old friends of Semafone and catch up with Jeremy King. Particularly striking this year were the number of merchants we spoke to who were attending the meeting for the first time. The high level of attendance and increase in new faces emphasises the growing importance companies are placing on payment security.
We kept extremely busy throughout the conference, speaking with our industry peers and demonstrating Semafone’s award-winning secure voice solution. Our “money booth” was a big hit –delegates enjoyed trying to catch coloured credit cards for a chance to win an Amex gift card, congratulations to all the winners!
Some of the advancements highlighted at the Community Meeting included improving consistency and security across payment channels with 3-D Secure 2.0 (3DS 2.0), as well as using the PCI Point-to-Point Encryption (P2PE) standard to minimize the exposure of card data. Topics of discussion included the current data breach landscape, application security, the Internet of Things (IoT), biometrics and more.
One of the strongest themes throughout the conference was how organisations can go beyond “if you don’t need it, don’t store it” and move toward devaluing account information through tokenization and encryption solutions. This echoes the advice that our Global Solutions Director, Ben Rafferty proposed recently in Business Solutions magazine. Likewise, another key theme from the conference was highlighted in the “State of the Council” keynote speech by Troy Leach, the CTO of the PCI SSC, who described how many organisations have moved beyond the goal of merely becoming compliant and are now focused on simplifying compliance. This industry trend bodes well for Semafone, given our solution’s ability to help enterprises reduce compliance costs by simplifying and reducing the scope of their card data environment, and reducing the need for hardware, security patches and other compliance-related costs.
It was terrific to see Ken Munro representing the British as he presented his keynote “From Payment to Ransomware, via the Internet of Things”. One of Ken’s amusing examples of the Internet of Things gone wrong was a Wi-Fi enabled kettle that had been hacked. Whether or not you would want a smart kettle yourself, (and I definitely won’t be rushing out to buy one!) it is fascinating to see just how embedded security risk is becoming in our everyday lives. The simple task of making a cup of tea is now the weak link in your security chain, with potentially catastrophic repercussions.
Overall, the PCI SSC Conference provided useful insight into the future of payment security – insight that we will apply as we continue to expand our offering and serve our clients. We are excited to see what the next 10 years will bring for the PCI SSC.