The PCI Security Standards Council (SSC) is responding to the recent data breaches involving third-party service providers by enhancing both the data security standards and the associated Self-Assessment Questionnaire D (SAQ D) for service providers. This should come as no surprise since 97% of breaches featuring stolen credentials leveraged legitimate partner access. This is also important because the number of merchants choosing to outsource their payment processing function or the support of their payment processing environment to focus on their core expertise, continues to rise. The combination of these two issues requires obvious response by the industry. In this session, we will cover an overview of what is driving the changes brought on by version 3.2 of the standard, what these changes are, and what organizations should be doing to ensure their third-party risk is sufficiently managed in alignment with compliance standards.
Topics include helping you to:
Angie Hipsher-Williams, Sean McAloon, and Jonathan Sharpe of Crowe Risk Consulting