At the PCI Acquirer Forum in Las Vegas on 9 May, PCI Forensic Investigator (PFI) Tom Arnold, Payment Software Company, will share with acquirers and processors insights and recommendations from recent data breach investigations. Ahead of his presentation, he discusses some of the challenges he sees in payment security and what keeps him awake at night.
What role do you play in merchant payment security as a PFI?
Tom Arnold: PFI’s have two roles: (1) Examine evidence to figure out how an attacker compromised a company and recommend methods to prevent further attacks; (2) Share threats and attack trends with the wider PCI community.
What keeps you awake at night based on what you see as a PFI?
Tom Arnold: The simplicity of many of the attacks and the devastation that follows for the victim companies. For example, four simple lines of code embedded by the attacker on a development server and then moved into the production environment; resulting in the loss of thousands of credit cards.
How are you seeing advances in technology impact payment security?
Tom Arnold: Technology advances at speeds that far exceed the ability for security controls and techniques to keep up. Unfortunately, we are still very reactive to exploits involving new technologies.
Is the threat landscape in 2017 different than in previous years?
Tom Arnold: Heisenberg's uncertainty principle applies more than ever to prediction of security events based on past experience. With new technologies integrating over legacy environments, cyber-criminals expand their opportunities and ability to be creative.
Hear more from Tom Arnold and get the latest updates from PCI SSC on key initiatives for making payments safer. Join us at the PCI Acquirer Forum in Las Vegas, taking place alongside ETA TRANSACT.