I had the pleasure of being invited as a guest speaker to Cardiff University to give a talk on "CyberSecurity and the Payment Card Industry".
The talk starts with an introduction to the Payment Card Industry (PCI), the Payment Card Industry Data Security Standard (PCI DSS) and the Payment Card Industry Security Standards Council (PCI SSC). The participants are given the opportunity to understand what an Approved Scanning Vendor (ASV) is, the responsibilities of a Qualified Security Assessor (QSA) and, last but not least, the job of a PCI Forensics Investigator (PFI).
Cybersecurity is defined as the set of controls applied on computers, networks, computer infrastructures, and the data stored and transmitted on them, to protect these information assets from an ever-evolving range of threats. It becomes more complicated in the context of today’s threat landscape, which is also expanding at an increasingly fast rate. Hence, the most problematic element of CyberSecurity is its evolution: it is fast and unpredictable, while the nature of the risks involved is continuously shifting. Cyber-crime can affect millions worldwide, with most people becoming victims of identity theft and financial fraud.
When it comes to the Payment Card Industry, CyberSecurity practices are of critical importance. Future professionals working in the information security industry need to be ready to tackle evolving cyber-threats, protect high-value assets and understand cybercriminal tactics.
With reference to the above, the talk introduces the attendees to the challenges of today’s CyberSecurity practices, focusing especially on protecting assets related to the Payment Card Industry. Emphasis is given to the different security assessment types currently utilised by the industry to protect potential targets. More specifically, the talk highlights the systems that handle financial transactions, mostly performed through Point-of-Sale (POS) devices or Virtual Terminals.
During the talk, real-life scenarios are discussed to inspire the attendees to think outside the box, especially when protecting such mission-critical computer infrastructures. As future decision makers, the attendees are introduced to what should be their main focus and next steps in preparing themselves today, in order to protect tomorrow’s businesses.