Name: PCI DSS 4.0: What is new and how to achieve compliance?
Start: 2024-12-12T16:00:00Z
End: 2024-12-12T16:00:57.000Z
Location: BrightTALK
Rating: 4.4

Thales is a global leader in cybersecurity, helping the most trusted companies, organizations and governments around the world protect critical applications, sensitive data, and identities anywhere at scale. Through our innovative services and integrated platforms, Thales helps customers achieve better visibility of risks, defend against cyber threats, close compliance gaps, and deliver trusted digital experiences for billions of consumers every day.

As organizations accelerate their move toward phishing-resistant, passwordless authentication, managing FIDO hardware security keys at scale has become a major operational challenge—especially for highly regulated sectors such as banking and large enterprises.  
 
Join Thales and Microsoft for an exclusive webinar introducing the new joint solution that brings together Thales Authenticator Lifecycle Manager and Microsoft Entra ID to simplify and secure every stage of your FIDO authenticator lifecycle. 
 
Discover how IT teams can streamline onboarding with pre-registration, centrally enforce security policies, and rapidly unblock or revoke FIDO authenticators  —all while maintaining full auditability for compliance. Learn how security leaders can strengthen governance, reduce operational overhead, and future-proof their authentication strategy with a cloud-native, interoperable platform designed for scale. 
  
If you’re looking to eliminate friction in your passwordless rollout and gain end-to-end control over hardware authenticators, this session is not to be missed. 

Key takeaways: 
• Accelerate your passwordless rollout at scale by eliminating manual processes and reducing friction for both users and IT teams. 
• Enhance security and resilience with end-to-end control over FIDO authenticators across issuance, onboarding, recovery, and revocation. 
• Future-proof your authentication strategy with a scalable, interoperable approach jointly delivered by Thales and Microsoft.

Fast Track to Passwordless at Scale: Simplified FIDO Management for the Enterprise

With 80-90% of data being unstructured and created in the cloud , Data Security Posture Management (DSPM) is becoming essential for organizations to understand what data they have, what the risks are to their sensitive data, and understand the journey data takes in their business environment. While this initial visibility and understanding about data and data risks are valuable, it's what comes next that helps you to achieve an outcome for a particular use case. 

Join our featured speakers, Todd Moore, Thales VP of Data Security, and featured speaker Heidi Shey, principal analyst, Forrester, as they discuss how organizations must evaluate automated data security technologies like data security posture management to track and protect data throughout its life cycle.

Attendees will learn:
• Where to look for security gaps in your organization’s current data protection strategy
• Which data security use cases should be prioritized for successful DSPM adoption
• Why DSPM needs to go beyond cloud-centric visibility and native controls
• How artificial intelligence (AI) and post-quantum cryptography (PQC) will impact your data security strategy.
• Plus, Todd Moore will share how Thales can help your team and organization proactively protect your most critical data and prioritize risk mitigation.

Whether you are planning a deployment or refining your current data security strategy, you’ll gain actionable steps to drive better security outcomes and maximize value.

From Visibility to Value: Leveraging DSPM to Safeguard the Data Lifecycle

AI技術の急速な発展により、これまで専門的なスキルを要したボット攻撃の実行ハードルが大幅に下がっています。その結果、悪性ボットによる通信量は前年比2倍以上に増加し、企業のWebサイトやアプリケーション、APIを狙った攻撃が急激に拡大しています。
本セミナーでは、AIを悪用したボット攻撃の最新動向や、その背後にある攻撃者の手口を解説するとともに、企業が今取り組むべきデータ保護・防御対策の最前線について紹介します。弊社が発行する「悪性ボットレポート」の最新データをもとに、検知・防御のポイントをわかりやすくお伝えします。

「前年比2倍超」悪性ボット通信の実態と、AI悪用ボット攻撃への対策最前線

The newly released Thales 2025 Data Threat Report Healthcare & Life Sciences Edition points to a pivotal shift in global cybersecurity. For healthcare and life sciences organizations, the digital risk landscape is becoming more volatile, and the accelerated adoption of generative AI is adding both promise and peril.

While GenAI offers remarkable opportunities for innovation, its rapid rollout often outpaces security safeguards—putting sensitive data in the crosshairs. With many security teams still grappling with new AI-driven architectures, strengthening data protection has never been more urgent.

In this webinar, we’ll share key findings of the Threat Report with a focus on Healthcare & Life Sciences organizations and the steps they’re taking to address compliance mandates, third-party risks, and a rapidly evolving threat landscape.

Analyst Report: The State of Cybersecurity and AI in Healthcare & Life Sciences

This session in the NHS Cyber Assessment Framework (CAF) series explores the Identify function of the framework, focusing on how NHS organisations can uncover hidden risks, strengthen asset visibility, and build a clear understanding of their threat landscape. By identifying vulnerabilities early, healthcare providers can take proactive steps to protect critical systems and patient data. Join Thales experts to discover how to:
• Find and classify sensitive data based on regulatory and organisational requirements.
• Use machine learning to enhance risk detection accuracy and scoring.
• Inspect incoming requests to applications, identify malicious activity, and block attacks before they impact services.

NHS CAF Principles In Focus: Identifying Cyber Risk

Are you aware that 33% of critical infrastructure organizations are in advanced stages of AI adoption, but that 73% cited the fast-moving AI ecosystem as their top concern? Or that only 2% of critical infrastructure have encrypted 80% or more of their sensitive cloud data? Discover how to tackle these and other challenges in 2025 with insights from Accenture, S&P Global, and Thales. 

Join us as we delve into the latest data security trends, challenges and expert recommendations from our latest Thales Data Threat Report Critical Infrastructure Edition. This report includes the responses from 513 security leaders working for key energy, utilities, telecommunications and transportation organizations around the world.

The webinar will cover: 
• How AI changes the ecosystem and impacts security budgets. 
• The challenges of Quantum Computing  
• With an average of 2.1 IaaS and 102 SaaS platforms, complexity makes security more challenging. 
• The threat landscape, root causes and causes of breaches. 
• Recommendations and guidance. 

Attendees will receive a free copy of the 2025 Thales Data Threat Report Critical Infrastructure Edition, prepared by S&P Global for Thales.

2025 Critical Infrastructure Data Threat Report with S&P Global, Accenture & Thales

As the dawn of quantum computing rapidly approaches, today's cryptographic defenses face unprecedented challenges. Organizations must re-evaluate their security strategies to address emerging quantum threats that will render traditional encryption obsolete. At the same time, Artificial Intelligence (AI) is revolutionizing the cybersecurity landscape, offering both new defenses and unique integration opportunities.
Join industry leaders from Thales and Kyndryl for an exclusive webinar, "Navigating Quantum threats: the Good and Bad of the convergence of AI and PQC", where we will explore cutting-edge strategies at the intersection of AI and post-quantum cryptography (PQC). Discover how AI can help identify vulnerabilities, accelerate the transition to quantum-safe architectures, and fortify your organization's defenses against evolving threats.
This session will provide practical insights and actionable recommendations for CISOs, IT Directors, and Business Leaders looking to future-proof their security. Don’t miss this chance to get ahead of the curve in an era where quantum computing and AI define the new frontier of cybersecurity.

Navigating Quantum threats: the Good and Bad of the convergence of AI and PQC

As European organizations navigate evolving regulatory landscapes and increasing cyber threats, the need for digital sovereignty has never been more urgent. Join experts from Microsoft, Thales, and Avanade for a 45-minute session exploring how the Microsoft Cloud for Sovereignty empowers public sector and regulated industries - finance, healthcare, and government - to maintain control over sensitive data while meeting compliance and residency requirements.
This webinar will cover:
• The challenges European organizations face in securing sensitive data
• How Microsoft’s Sovereign Cloud, Avanade, and Thales’ cyber security solutions address these challenges
• Real-world examples of risk-based control and compliance in action

Enhanced Security and Risk-Based Control Over Sensitive Data in Microsoft Azure: A Sovereign Cloud Perspective

This session in the NHS Cyber Assessment Framework (CAF) series explores the Govern function of the framework, and how NHS organisations can establish clear oversight, accountability, and visibility across their digital environments — turning complex cyber data into actionable insight. Join Thales experts to discover how to:
• Gain visibility, control, and insight over sensitive data and compliance status.
• Produce a uniform data risk status and risk score by consolidating disparate risk metrics.
• Prioritise mitigation through clear, evidence-based recommendations for corrective action.
• Reduce third-party and supply chain risk by protecting applications, data, and identities in the cloud.
• Enforce consistent security policies and regulatory requirements over data, access, and identities.

NHS CAF Principles In Focus: Managing Security Risk, Governance, Assets and Supply Chain

Quantum computing’s potential to break traditional cryptographic algorithms poses an urgent threat to data security, trust, and operational resilience. At the same time, regional regulators are mandating organizations to adopt quantum-resilient cybersecurity infrastructures and ensure robust compliance.
In this webinar, Thales and ASTRI combine their cybersecurity expertise to provide strategic insights into the evolving quantum threat landscape. ASTRI plays a key role in post-quantum computing development, offering valuable guidance to governments and enterprises in the region. Their initiatives drive innovation, helping Hong Kong lead in quantum technology advancement.
Experts will discuss practical strategies to transform your security solutions to withstand quantum threats, integrating post-quantum protections seamlessly into your cybersecurity framework. This session is essential for IT professionals and cybersecurity leaders committed to future-proofing their organizations in the quantum era. 
Prepare to safeguard your data and applications against tomorrow’s challenges.
Agenda: 
• Quantum threat landscape and PQC Readiness
• Strategic framework for quantum risk mitigation
Remarks: The Fireside Chat will be delivered in Cantonese, with English terminology and presentation materials.

Fireside Chat x ASTRI: Navigating the Transition to Quantum-Safe Solutions [Cantonese]

Customer identity volumes in financial and insurance firms are growing rapidly, with typical stacks spanning four or more vendors. This complexity fuels friction, elevates security risks -- including emerging threats like AI-powered deepfakes and synthetic identities -- and increases regulatory exposure. 

In Thales’ latest survey, 70% of financial firms face platform sprawl, and over half struggle to balance security, customer experience, operational efficiency, and regulatory requirements. Left unchecked, these challenges put revenue, reputation, and compliance at risk during one of the busiest business cycles of the year. 

Join financial services leaders, strategists, and technologists for a peer-driven discussion on simplifying Customer Identity and Access Management. Hear real-world experiences, compare approaches across use cases, and gain actionable strategies to streamline identity management, enforce consistent security and compliance, and stay agile in a fast-evolving market.

Key Takeaways:
1. Identify architectural bottlenecks caused by CIAM sprawl across legacy and cloud environments.
2. Explore platform unification strategies to streamline identity orchestration and eliminate vendor overlap.
3. Discover how to enforce consistent security policies across hybrid infrastructure without disrupting UX.
4. Learn scalable, API-first CIAM design patterns to meet evolving compliance and customer demands.
5. Hear how financial institutions align CIAM modernization with business continuity and digital transformation.

Panelists: 
Marissa Schlagenhauf, Financial Services Senior Analyst and Risk Consulting Director, RSM US LLP 
Vaishnavi Vaidyanathan, Cybersecurity Leader, RSM US LLP 
Ammar Faheem, CIAM Product Marketing Director, Thales

Simplifying CIAM to Reduce Fraud, Strengthen Security and Elevate UX

AI is revolutionizing industries—but is your organization protected?
Join our exclusive three-part webinar series featuring Securing AI, and learn how to strengthen your AI security posture from evolving threats with enhanced visibility, control, and protection. Each session delivers actionable insights from our AI Security experts.

Episode 3 – Securing AI: Mitigating Cyber Risks from DevSecOps
As AI integrates into DevSecOps cycles, new vulnerabilities emerge—from poisoned training data and compromised model repositories to exploited runtime environments.
In our final session of the Securing AI webinar series, our experts reveal how to embed security without slowing innovation
- AI-Specific DevSecOps Challenges
- Built-in Protections
Secure Your Spot Now to ensure your AI pipelines are protected.

Securing AI: Mitigating Cyber Risks from DevSecOps

Many organizations plan on maintaining on-premises resources for the foreseeable future—either because of logistical or security reasons. Whether applications live in the cloud or on-prem, securing authentication and access is non-negotiable. However, security teams struggle to adopt MFA methods that are both resistant to modern attack tactics, while also maintaining a consistent and intuitive user experience, regardless of what (or where) your employees are accessing.  

In this webinar, we will discuss why some forms of MFA fall short, and how FIDO security keys have become the new industry standard for phishing-resistant authentication—now supported and supplied by Thales for all your applications in the cloud and on-prem. Get a first-look at these latest innovations and explore what’s possible with passwordless authentication.

Extending FIDO Authentication from On-Prem to the Cloud

Identity is no longer just about security in the Banking, Financial Services & Insurance (BFSI) sector — it’s a business-critical priority. 

As institutions grapple not only with AI-driven threats, third-party identity sprawl, eroding customer trust, and intensifying regulatory demands, but also with explosive growth in the number of identities to manage, identity now sits at the core of operational resilience, and if done right, can be turned into a profit center.

This webinar shares key findings from nearly 500 senior executives across the U.S., U.K., Singapore, captured in Thales’ latest survey conducted by ESG: “Identity & Access in Banking, Financial Services and Insurance:” This is one of the largest survey of its kind.

As 2026 roadmaps come into focus, discover how leading institutions are reframing identity, not just as a risk to manage, but as a lever for agility, compliance, and competitive advantage.

Key Takeaways: 

1. Industry Snapshot - An overview of how BFSI organizations are managing CIAM, workforce IAM, and third-party access, highlighting key maturity gaps.

2. Emerging Pressures - An exploration of evolving risks, including regulatory demands, AI-driven threats, and operational challenges impacting identity strategy.

3. Forward-Looking Priorities - Insight into where peers are focusing their identity modernization efforts, and the strategic drivers shaping the 2026 planning.

4. Strategic Guidance - Practical advice to help you refine your IAM roadmap, closing critical gaps while aligning identity with broader business goals.

How Leading Financial Institutions Are Eliminating Friction and Fraud in Digital Access

Data security has shifted from being a bit-part player among a broader cybersecurity discussion to become a standalone discipline, assuming its logical place as the foundation of a wider, multi-tier cybersecurity posture. When organizations can map out and understand their data landscape, they are more confident in their security measures to defend it and reduce the risk of non-compliance —resulting in significant sanctions or penalties from regulators.
In 2026, data security is projected to be the most critical aspect of a digital asset strategy. Data security posture management (DSPM) can provide a firm foundation as your organization builds out transformation projects, including AI and Quantum. 

Join our speakers as we discuss Omdia’s assessment of the DSPM market, qualified vendors, and real-world use cases, including:
• How Omdia defines DSPM into two capability areas: data security and posture management.
• Why AI and quantum introduce new complexities to IT and the DSPM infrastructure.
• What to look for when selecting a vendor.
• How Thales can help build customer-centric business value.

DSPM at a Turning Point: 2026 Outlook for Data Security Posture Management

Finance and insurance firms face a clear and present danger: expanding third-party and B2B risks are stretching identity perimeters to the breaking point. With 74% of organizations seeing surging third-party identity growth and 89% citing external access as a major risk, legacy IAM can no longer keep pace.

In this webinar, you’ll learn how modern B2B IAM serves as financial services’ shield, protecting against breaches while enabling business growth. We’ll explore how risk-based, adaptive IAM can secure vendors, partners, supply chain and external networks, bridging Zero Trust security with business continuity to protect without blocking. Through real-world case studies, expert perspectives, and a practical roadmap, you’ll learn how to balance resilience, compliance, and business growth by modernizing IAM for external and B2B use cases.

Key Takeaways
1. B2B IAM Maturity Assessment: Benchmark your organization’s readiness for modern IAM.
2. Risk-Based Access Insights: Practical guidance on moving from static roles to adaptive, context-aware controls.
3. Third-Party Security Strategies: Tactics for securing vendors, partners, and external networks.
4. Modernization Roadmap: Step-by-step approach to credential vaults, adaptive MFA, and identity orchestration.
5. Resources for Action: Exclusive eBook and whitepaper to reduce your B2B attack surface.

Clear and Present Danger: Securing Third-Party Access with Modern B2B IAM

Descubre cómo las instituciones financieras están transformando la experiencia de pago, combinando seguridad y fluidez. Exploraremos el caso práctico de Click to Pay y Passkey, mostrando estrategias de Autenticación Basada en Riesgo y medidas de prevención de fraude para proteger a todos los usuarios, dispositivos e interacciones frente a deepfakes impulsados por IA, mientras se ofrecen transacciones confiables y sin fricciones que mejoran la satisfacción del cliente y cumplen con los estándares de seguridad más exigentes.

Presentadores:
- Pedro Lara Perez, Identity Expert, Thales
- Rogelio Tejada Galindo, Digital Payment Expert, Thales

Lo que aprenderás:
- Lecciones del caso práctico de Click to Pay y Passkey que pueden aplicarse en tu institución financiera.
- Mejores prácticas para ofrecer pagos confiables y fluidos que mejoran la experiencia del cliente.
- Estrategias efectivas de prevención de fraude frente a amenazas emergentes como deepfakes impulsados por IA.
- Cómo implementar la autenticación con passkey para proteger usuarios, dispositivos e interacciones.

Este taller fue organizado por la Asociación de Bancos de México ABM, A.C.

Construyendo experiencias confiables y fluidas -  Caso Click to Pay & Passkey

En la industria de servicios financieros, proteger la información confidencial es fundamental para mantener la confianza y el cumplimiento. Exploraremos los desafíos únicos que enfrentan las instituciones financieras al administrar secretos, incluidas claves API, credenciales y claves de cifrado. Los expertos de la industria discutirán las mejores prácticas, los requisitos regulatorios y los estudios de casos que resaltan la importancia de la gestión de secretos para proteger los datos de los clientes y mantener la integridad operativa.

El papel fundamental de la Gestión de Secretos en los Servicios Financieros

IBM Consulting and Thales join forces to outline the challenges presented by PCI DSS 4.0 and how can organizations achieve compliance in order to meet the upcoming deadline of March 2025. IBM Consulting, a Qualified Security Assessor, will outline the new requirements of PCI 4.0 while Thales will give an overview of how its Data Security, Access Management and Application Security solutions can help organizations uncover compliance gaps, protect sensitive cardholder data and monitor risks automatically. 

• Understand the new requirements and challenges to comply with PCI DSS 4.0.
• How to discover compliance gaps and vulnerabilities across hybrid IT.
• Protect sensitive cardholder data and all paths to it.
• Continuously monitor for risks and threats.

PCI DSS 4.0: What is new and how to achieve compliance?

PCI DSS

Welcome to the virtualization community on BrightTALK! Whether it affects servers, storage, networks, desktops or other parts of the data center, virtualization provides real benefits by reducing the resources needed for your
infrastructure and creating software-defined data center components. However, it can also complicate your infrastructure. Join this active community to learn best
practices for avoiding virtual machine sprawl and other common virtualization pitfalls as well as how you can make the most of your virtualization environment.

Virtualization

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

PCI DSS 4.0: What is new and how to achieve compliance?

Presented by

About this talk

Thales - Cybersecurity Solutions