September 23, 2023

Volume XIII, Number 266


PCI DSS 4.0: Third-party Service Providers And Risk Management

Join members of McDermott’s Global Privacy & Cybersecurity team and Alan Gutierrez-Arana of Mazars for the next installment in our PCI DSS 4.0 series. PCI DSS 4.0 brings major changes to payments with an increased focus on technical controls, targeted risk analysis, organizational maturity and governance. With PCI DSS 4.0 timelines fast approaching, new robust obligations regarding Third-Party Service Providers (TPSPs) will take longer than anticipated for organizations to comply with PCI DSS 4.0.

This webinar will review how merchants identify, vet and monitor their TPSPs, and it will address issues from the provider side. Discussion topics include:

  • Contractual considerations for TPSPs based on the type of services delivered
  • Risk assessment processes for TPSPs prior to selection and contracting
  • Diligence tasks and contract review with legacy TPSPs
  • Sensitive data considerations with TPSPs (access to sensitive data, management or storage of sensitive data)
  • A deeper dive into PCI requirement 12.8