Viviana Wesley of HALOCK Security Labs and Justin Evans of the University of Iowa will be presenting at The Payments Academy Annual Conference, held May 7-10, 2023, in Indianapolis, Indiana. Registration details are available on the website.
Wesley and Evans’s exposition is entitled “Reducing PCI DSS compliance scope prior to v4.0,” and will be presented on Monday, May 8, 2023, from 2:45 – 3:45PM.
“Learn how the University of Iowa is using point-to-point encryption (P2PE) and fully outsourced eCommerce solutions to reduce compliance risk, scope, and validation efforts. Hear about our strategic reasoning, the positive impact it’s had on our compliance program, and the benefits we’ve found with this approach. Also, listen to our PCI DSS QSA about how her clients that use this approach can quickly address common point of purchase inquiries.”
The Payments Academy is a non-profit focused on education, collaboration, and leadership in the field of payments and payments risk management. This year the Payments Academy will feature two tracks: Payment Trends and Technology, and PCI Workshop. Approved attendees (per the registration details) can choose the sessions they prefer to attend on either track.
Sessions in The Payments Academy Payment Trends and Technology Track will offer solutions to simplify payment processing on campus and educate attendees about the current and upcoming landscape in these environments. The PCI Workshop track is highly interactive, and sessions will foster group discussions and sharing, facilitated by thought leaders in the industry.
Viviana Wesley, PCI QSA, ISO 27001 Auditor, CISM, was recently featured as “Inspiring Women of Payments” with the PCI SSC. In addition to her upcoming presentation at The Payments Academy in May, she is hosting a webinar series (starting in late April) to address the upcoming changes with PCI DSS v4.0. Registration and dates for Preparing for Your Transition to PCI DSS v4.0 Webinar are available on the HALOCK website.
The sessions are as follows:
- Session 1: Preparing for your Transition to PCI DSS v4.0 Webinar
- Session 2: A Deep Dive into the New 4.0 DSS Requirements that are Applicable Immediately
- Session 3: A Deep Dive into the Emerging New 4.0 DSS Requirements Due by March 2025
- Session 4: How to do Targeted Risk Analysis Using a Duty of Care Risk Analysis method
- Session 5: SAQ Comparison Summaries
Scoping for PCI DSS Compliance is one of the more involved efforts towards properly addressing PCI Compliance. At HALOCK, Wesley works with her client’s staff to review the flow of credit card data through the network and which system components are involved in storing, processing, or transmitting that data. She then determines the preliminary scope of the client’s PCI DSS cardholder data environment, identifies risk factors related to the current scope, and later provides recommendations for optimization.
For PCI Remediation steps, HALOCK’s security engineers work closely with staff to identify and implement the appropriate technical solutions. HALOCK’s PCI compliance consultants can help manage remediation efforts via project or portfolio management, business analysis and process improvement, or even our Virtual Chief Information Security Officer (vCISO) service. For PCI Validation, HALOCK offers an Onsite Assessment and Report on Compliance (for organizations with large transaction volume) or a Self-Assessment Questionnaire.
When choosing HALOCK’s PCI Compliance Assessments, you receive the following benefits:
- Deep technical and operational understanding of PCI DSS requirements
- Proven methods, efficient tools, and tested delivery process
- Dedicated QSAs and PCI compliance consultants for your assessment program
- Integration with HALOCK Penetration Testing team
- Purpose Driven Security that focuses on the underlying intent of each requirement as it relates to the particular circumstances of your business; establishing reasonable security controls based upon an organization’s mission, objective, and obligations
To contact HALOCK with questions regarding The Payments Academy presentation, PCI DSS Compliance services and offerings, or to schedule some time to chat, contact firstname.lastname@example.org or visit our website.