The PCI Security Standards Council (SSC) is responding to the recent data breaches involving third-party service providers by enhancing both the data security standards and the associated Self-Assessment Questionnaire D (SAQ D) for service providers. This should come as no surprise, since 97% of breaches featuring stolen credentials leveraged legitimate partner access. It is also important because the number of merchants choosing to outsource their payment processing function, or the support of their payment processing environment, to focus on their core expertise continues to rise. The combination of these two issues requires an obvious response from the industry. In this session, we will give an overview of what is driving the changes introduced in version 3.2 of the standard, what these changes are, and what organizations should be doing to ensure their third-party risk is sufficiently managed in alignment with compliance standards.
Topics include helping you to:
- Identify industry trends and distinct points of failure that lead to breaches
- Review the changes to the PCI DSS brought about by version 3.2
- Recognize organizations' challenges in managing third-party risk and the responsibilities of your vendors
- Identify effective means that can help minimize your risk when contracting and maintaining a relationship with a vendor or partner
Angie Hipsher-Williams, Sean McAloon, and Jonathan Sharpe of Crowe Risk Consulting