JOIN US AT THE EUROPE COMMUNITY MEETING

Join your industry colleagues for three days of networking and one-of-a-kind partnership opportunities. Whether you want to learn more about updates in the payment card industry or showcase a new product, you’ll find it all at the 2015 Community Meetings.


AGENDA

Tuesday, 3 November   

7:30 - 19:30

Registration Open

13:00 - 14:00

Welcome Remarks and State of the Council

Presented by: Stephen W. Orfei, General Manager, PCI Security Standards Council and Jeremy King, International Director, PCI Security Standards Council

14:00 - 15:30

Understanding the Threat Landscape: Securing the Payment Ecosystem

Presented by: PCI Security Standards Council Standards and Operations Team including Gareth Bowker, Director of Training Programs; Brandy Cumberland, Director of Assessor Quality Management Programs; Leon Fell, Director of Device Standards; Troy Leach, Chief Technology Officer; Jake Marcinko, Standards Manager; Emma Sutcliffe, Director, Data Security Standards and Gill Woodcock, Director of Certification Programs


It’s been a busy year for the Council and for securing payments. Attend this two part session to hear the latest updates and initiatives on the following:

  • Risk-based decision making
  • Card production
  • Mobile payments
  • AppSec
  • POS/ATM (Social engineering, skimming and malware)
  • E-Commerce and CNP fraud
  • Installation/Poor configuration
  • Networks (MiTM, DNS, SSL weaknesses)
  • Storage and scoping
  • Third party management
  • How to prepare/address evolving threats

15:30 - 16:00

Networking Break

16:00 - 18:00

Understanding the Threat Landscape: Securing the Payment Ecosystem

Presented by: PCI Security Standards Council Standards and Operations Team including Gareth Bowker, Director of Training Programs; Brandy Cumberland, Director of Assessor Quality Management Programs; Leon Fell, Director of Device Standards; Troy Leach, Chief Technology Officer; Jake Marcinko, Standards Manager; Emma Sutcliffe, Director, Data Security Standards and Gill Woodcock, Director of Certification Programs



18:00 - 19:30

Welcome Reception





Wednesday, 4 November

  

7:30 - 18:30

Registration Open

7:30 - 9:00

Networking Breakfast and Vendor Showcase

Payment Brand and Council Office Hours

9:00 - 10:30

Insights from the Council: Why More Collaboration is Key for Stronger Payment Security

Presented by: Jeremy King, International Director, PCI Security Standards Council; Phil Jones, Payment Security Strategy Manager, Barclaycard; Marie-Christine Vittet, PCI DSS Program Director, AccorHotels

10:30 - 11:00

Networking Break and Vendor Showcase

Payment Brand and Council Office Hours

11:00 - 12:00

The Flight Plan to Navigating Risk: What the Payments Industry Can Learn from Health Care and Aviation


Presented by: John Nance, Aviation and Health Care Expert, Analyst, Author & Consultant


What are three industries with higher risk than normal? Airlines, health care and payments. In this session, John Nance will address each in relation to the others, drawing on his diverse background in health care and aviation, and show how the lessons he’s learned from these industries can be applied to managing risk in the payments space.

12:00 - 12:45

Discover the Critical Link Between PCI DSS Compliance and Real-World Security


Presented by: Ciske van Oosten, Global Intelligence Manager, Verizon PCI Security Practice


Ciske van Oosten, the Global Intelligence Manager for PCI Security Practice at Verizon Enterprise Solutions, and lead-author of the Verizon PCI Compliance Report, will explain why less than a third (28.6%) of companies were found to be still fully compliant less than a year after successful validation, and why breached companies are less likely to be found compliant. Verizon’s annual PCI Compliance Report provides an in-depth assessment of the global state of payment security. It explores the approaches that organizations take to securing the cardholder data that they hold, the use of compensating controls across the industry, and the sustainability of security controls.



12:45 - 14:00

Networking Lunch and Vendor Showcase

12:45 - 18:30

Payment Brand and Council Office Hours

14:00 - 17:00

Breakout Sessions

 

14:00 - 14:50

Track one: Internet of Things

Presented by: Ken Munro, Partner and Founder, Pen Test Partners LLP


Mr. Munro is an award-winning speaker and familiar face on the IT security circuit. For this PCI Community Meeting he has put together an engaging and irreverent talk on the Internet of Things (IoT), mobile payments and mobile apps. You’ll get to see the impact of real-life security “fails” and he’ll show you how to deal with the problems tactically and strategically.

Track two: Overview Point-to-Point Encryption Version 2: What You Need to Know

Presented by: Andrew Barratt, Managing Director, Europe, Coalfire Systems; Delia Pedersoli, International Business, IPS; Michael Thompson, Standards Manager, PCI Security Standards Council; Gill Woodcock, Director of Certification Programs, PCI Security Standards Council

This session will outline the latest on Point-to-Point Encryption (P2PE) Version 2, focusing on the feedback from the industry, the major changes and the benefits. It will also include an overview of the assessor perspective and what your organization needs to know when implementing.

14:50 - 15:10

Networking Break and Vendor Showcase

 

15:10 - 16:00

Track one: The SEPA Cards Standardisation Volume and Cards Stakeholders Group’s (CSG) Developments

Presented by: Claude Brun, Managing Director, Crédit Mutuel-CIC Group

In this session, you will hear about developments in European cards standardisation and about the upcoming releases of the SCS Volume, the CSG’s support of the Euro Retail Payments Board (ERPB) and its interaction with the standards.

Track two: PIE FARM: A Seven-Stage Project-Managed Approach to the Implementation and Maintenance of Compliance

Presented by: Jim Seaman, Senior Security Consultant, Nettitude Group

Nettitude will outline a project-based approach to the implementation of PCI DSS v3.0 developed for a financial organization in seven stages: Plan; Identify; Evaluate (PIE); Fix; Assess; Report and Maintain (FARM). By attending, learn how the PIE FARM approach can be employed for the implementation of any information security standard.

16:10 - 17:00

Tokenization – A Smart Way to Increase Security and Save Cost

Presented by: Jürgen Petri, Senior Product Manager PCI, Lufthansa Systems and Kai Trippner, PCI Manager, Lufthansa Global Business Services GmbH

In this session, Lufthansa Systems will address tokenization from the point of view of both the solution provider and merchant to provide you with a 360-degree look at project and operational issues.

Perspective on PCI DSS Continuous Compliance

Presented by: Mathieu Gorge, CEO, VigiTrust, and Marie-Christine Vittet, PCI DSS Program Director, AccorHotels

Together with VigiTrust, AccorHotels has developed a robust PCI program covering education, policies and procedures, technical solutions, and program management automation. By attending, you will hear how to develop and maintain such programs to comply in 2015 and remain compliant thereafter.

17:00 - 18:30

Networking Reception and Vendor Showcase

Thursday, 5 November

  

7:30 - 10:00

Registration Open

7:30 - 13:00

Payment Brand and Council Office Hours

7:30 - 9:00

Networking Breakfast and Vendor Showcase

9:00 - 9:05

Day Three Welcome Remarks

Presented by: Jeremy King, International Director, PCI Security Standards Council

9:05 - 10:00

Ace in the Hole: What the Payments Industry Can Learn From Poker

Presented by: Caspar Berry, Poker Player, Trainer, Speaker

PCI and poker. How do they relate? They both benefit from managing risk well. In this session, former professional poker player Caspar Berry will use poker as the basis of an analysis of risk-taking and decision making, coaxing you out of your comfort zone in order to demonstrate how, by maximizing our return on investment, we can do more with fewer resources.

10:00 - 10:15

Networking Break and Vendor Showcase

10:15 - 12:00

Community Update


Moderated by: Mauro Lance, COO, PCI Security Standards Council

Special Interest Group Update: Daily Log Monitoring

Presented by: Jake Marcinko, Standards Manager, PCI Security Standards Council and Mark Bloom, Director Product Marketing, Compliance and Security, Sumo Logic


Attend this session to hear an update from the Daily Log Monitoring Special Interest Group.


PCI and Third-Party Risk

Presented by: Chris Goldhawk, Sales Manager, SureCloud


With PCI DSS 3.1 in effect, organisations are struggling to get assurances from their third-party service providers regarding their security protocols. If this describes your situation, then a structured, risk-centric approach may be the solution for you. Organizations need a third-party risk management program to identify and reduce potential risks in dealing with third-party providers, and in this session you’ll come away with an actionable system for obtaining such assurances.


Comprehensive Dataflow Diagrams: Engaging the Business

Presented by: Stacy Hughes, VP, IT Governance, Risk and Compliance, Global Payments and Kevin Simmonds, Director, PricewaterhouseCoopers


Global Payments and PwC will present successful practices for designing and implementing an initial and ongoing process to meet the PCI DSS requirement 1.1.3 – Cardholder data flow diagram. The topics for this presentation will include discussions on 1) Methodology, 2) Bottoms-Up/Top-Down/Outside-In Approach, 3) Data Flow/Application Identification, 4) Infrastructure Identification, 5) Required People, Process, Technology, and 6) Governance and Sustainability.



The Future of Securing Virtual Payments

Presented by: Dan Fritsche, Managing Director, Application Security, Coalfire


The economics of the cloud are compelling and can't be denied. However, organisations need to make sure they get the security right. Many organisations are looking to virtualise their IT environment but are concerned about how virtualisation will impact their security and compliance. PCI DSS is one of the most challenging and specific sets of standards established to date. IT leaders need clear guidance on how to achieve and maintain PCI compliance in virtual environments. This session will address how to improve the efficiency of compliance efforts in virtual environments; what the PCI guidance is for data-at-rest security controls in the areas of encryption, key management, logging and access controls; and the unique challenges of managing all security requirements in virtual environments.



Addressing the Security Challenges Posed by New Online and Distributed Retail Payment Systems

Presented by: Lorenzo Gaston, Technical Director, Smart Payment Association (SPA)


New online and distributed retail payment systems (cloud, mobile, etc.) raise new security challenges that are affecting consumer payment instrument design and operation. In this session, SPA will provide expertise and experience in designing and operating secure payment instruments and associated platforms.



12:00 - 13:00

Networking Lunch and Vendor Showcase

13:00 - 15:30

Community Update (Continued)


Moderated by: Mauro Lance, COO, PCI Security Standards Council

Special Interest Group Update: Shared Responsibilities

Presented by: John Greenwood, Contact centre PCI DSS Director, Compliance 3 and Michael Thompson, Standards Manager, PCI Security Standards Council


Attend this session to hear an update from the Shared Responsibilities Special Interest Group.

Building Returns from PCI DSS Effort: Gaining Both Security and Compliance

Presented by: Tom Evans, CSO, Cognia Cloud


In this session, you will learn how Cognia Cloud’s investment in PCI DSS compliance leveraged itself to build a strong InfoSec culture and serves as a springboard to developing operational cybersecurity across the whole enterprise.


How to Avoid Drowning in the Sea of Data and Retrieve Meaningful Intelligence

Presented by: Susanne Møller-Hansen, Security Management Consultant, nSense Oy / F-Secure


Attendees at this session will hear how to use logs, FIM and IDS/IPS effectively -- not just for being compliant, but for tactical logging and alerting.


Securing Notoriously Difficult Payments Channels

Presented by: Cam Ross, Director of Payments Strategy, Eckoh UK Limited and John Greenwood, Contact centre PCI DSS Director, Compliance 3


Contact centres are complex, hostile places to take card payments. New tokenisation methods can help contact centres de-scope all card data, without changes to IT, telephony or payment processes. Attend this session to see a case study of how this technology has been used to shield contact centres and ecommerce channels from card data.


Building Security in Maturity Model (BSIMM)-V - Measuring Maturity in Software Security Programs

Presented by: Nick Murison, Managing Consultant, Cigital


BSIMM-V is a study of real-world software security initiatives organized so that you can determine where you stand with your software security initiative and how to evolve your efforts over time. The fifth iteration of the model describes 112 activities across 12 practices, as observed across 67 participating organisations. This session will provide a brief introduction to BSIMM, its purpose, and its benefits.


Are You Forensic Ready?

Presented by: Sarah Nicholson, Head of Security Policy & Compliance, British Telecommunications


It's not a matter of if, but of when, the next data breach will happen. Are you prepared if that happens to you? Could your organization effectively manage a data breach? Would you know what to look for and who to go to? Attend this session to get answers and advice.


Education & Awareness: A Key Component to Compliance and Security of CDE

Presented by: Lucas Allen, Managing Director/CEO, LiquidNexxus Limited


Are you overlooking key aspects of cardholder data security? You could be. This session will provide insights into maintaining a well-managed security infrastructure by exploring the common pitfalls made by organizations when it comes to employee education and training on security and compliance.

Closing Remarks

Presented by: Jeremy King, International Director, PCI Security Standards Council

Community Meeting concludes.

Register today to secure your spot at the 2015 Europe Community Meeting

TRAINING

Employee Education is the Best Defense for Protecting your Organization’s Data Assets.

In conjunction with the Europe Community Meeting, four training courses are available, allowing attendees to make the most of their travel time and budgets. The trainings will take place at the Le Meridien.


Point-to-Point Encryption (P2PE) | 30-31 October

P2PE training provides you the tools to become an expert on the requirements for P2PE compliance and have an impact on the consistent and proper application of security measures and controls for your client’s P2PE solutions and components. Enrollment is restricted to existing QSAs only.


Qualified Security Assessor Training | 30-31 October

Qualified Security Assessor (QSA) training provides instruction on how to conduct assessments of merchants, institutions and service providers who must be compliant with the PCI DSS.


Internal Security Assessor Training | 1-2 November

The Internal Security Assessor (ISA) Program provides large merchants, acquiring banks, and processors the opportunity to build their internal payment data security expertise, as well as increase their efficiency in complying with PCI Standards.


PA-QSA Training | 1-2 November

PA-QSA training provides you the tools to become an expert on the requirements for PA-DSS compliance and have an impact on the consistent and proper application of security measures and controls for your client’s payment applications. Enrollment is restricted to existing QSAs only.


SPONSORS

Silver Sponsor

NCC Group

Gold Sponsors

proviti_logo
vz_150_rgb_p

Bronze Sponsor

SecurityMetrics

General Sponsors

Coalfire
Tenable
VigiTrust

An exclusive opportunity to position your company as a leader in the global payment security industry.

Get maximum visibility for your brand – view the available sponsorship opportunities.
