Join us for three days of connecting, discovery, updates from the Council, regional community speakers, merchants, industry experts, and more.

Agenda subject to change – Continue to check back

  • Tuesday, September 13
  • Wednesday, September 14
  • Thursday, September 15

Tuesday, September 13

Community Day

Please note: The General Sessions happening on this day are for Participating Organizations only, as a benefit of their participation. However, we invite everyone to join the other exciting highlights of the day!
10:00 AM - 6:30 PM

Registration Open

1:00 PM - 1:10 PM

Welcome Remarks

Emceed by: Sherron Burgess, Senior Vice President and Chief Information Security Officer, BCD Travel; Board Member and Vice President, Strategic Development, Cyversity

1:10 PM - 1:30 PM

Community Day Kick-Off

Presented by: Lance J. Johnson, Executive Director, PCI Security Standards Council

1:30 PM - 2:00 PM

Make Your Voice Heard - A Panel Discussion

Moderated by: Mark Meissner, SVP, Education & Engagement Officer, PCI Security Standards Council

Panelists: Kara Gunderson, PCIP, Director Payment Card Operations, Citgo Petroleum Corporation; Tony James, Director, Target; Michael Johnson, CISSP, PCI ISA, Executive Director, Global PCI Programs, JPMorgan Chase; Josh Knopp, Chief Information Security Officer, Enterprise Holdings Inc. and Guilherme Scheibe, Regional Director – Brazil, PCI Security Standards Council

There are so many ways to engage with the PCI Security Standards Council (PCI SSC). In this panel discussion, you will hear from PCI SSC Board of Advisors (BoA) members and active community members about the various ways they have engaged with the PCI SSC and how payment stakeholders can have a profound impact on the payment security industry. You will also learn how you can make your voice heard. If you are in the payments industry, you will want to hear this panel and then make your plan to get more involved!
2:00 PM - 2:20 PM

A Review of the 2022 SIG Paper, Guidance for Container and Container Orchestration Tools

Presented by: Randy Bartels, Vice President of Security Services, KirkpatrickPrice and Joel Weisz, Manager, Solution Standards, PCI Security Standards Council

In this session, PCI SSC and a participant in the 2021 SIG, “Best Practices for Container Orchestration,” will share an overview of the 2021 SIG development process and the resulting SIG Paper, and will present the benefits of active participation in the collaborative development process. We will also look ahead to the 2022 SIG and cover topic submission, the nomination process and the timelines.

2:20 PM - 2:45 PM

Community Questions with the Council

Moderated by: Lance J. Johnson, Executive Director, PCI Security Standards Council; Alicia Malone, Senior Manager, Public Relations, PCI Security Standards Council and Emma Sutcliffe, SVP, Standards Officer, PCI Security Standards Council

2:45 PM - 2:55 PM

Closing Remarks

Presented by: Sherron Burgess, Senior Vice President and Chief Information Security Officer, BCD Travel; Board Member and Vice President, Strategic Development, Cyversity

Vendor Showcase
2:00 PM – 4:30 PM

All are welcome to take a sneak peek at the Vendor Showcase!
5:00 PM - 6:30 PM

Welcome Reception at the Steam Whistle Brewery

255 Bremner Blvd, Toronto, ON M5V 3M9, Canada

The reception will be hosted in Pilsner and Locomotive Hall.

All are welcome! Don’t miss this taste of the city and kick-off networking opportunity!

Wednesday, September 14

8:00 AM - 5:00 PM

Registration Open

General Sessions

Emceed by: Sherron Burgess, Senior Vice President and Chief Information Security Officer, BCD Travel; Board Member and Vice President, Strategic Development, Cyversity

9:00 AM - 9:15 AM

Welcome Remarks

Presented by: Lance J. Johnson, Executive Director, PCI Security Standards Council

9:15 AM - 9:40 AM

PCI DSS v4.0 In A Nutshell

Presented by: Lauren Holloway, Director, Data Security Standards, PCI Security Standards Council

Walk through the key changes in PCI DSS v4.0 and see how the standard has evolved to provide more flexibility and to help organizations better protect payments.

9:40 AM - 10:00 AM

Quick Fire Round – Your Top 10 Questions About PCI DSS v4.0 Answered

Presented by: Marc Bayerkohler, Standards Trainer, PCI Security Standards Council; Tom White, Senior Manager, Content Development, PCI Security Standards Council and Kandyce Young, Manager, Data Security Standards, PCI Security Standards Council

10:00 AM - 10:30 AM

Inspirational Keynote - Building on Mars: How Disruptive Technology Development Can Get Us There

Presented by: Melodie Yashar, Space Architect, ICON

The concept of going to the Moon and Mars—once the subject of science fiction alone—is now supported by private and public entrepreneurial efforts alike. Today, NASA in collaboration with SpaceX, Boeing, and other aerospace partners are working to design, build, test and operate reliable and cost-effective human transportation to not only the International Space Station, but by 2024, to have “boots on the Moon” once again, and build humanity’s first off-world settlement. Many of the world’s nations—China, India, Russia, Japan, and more—are accelerating technology development to realize a permanent human presence on the Moon. By 2028, NASA seeks to deploy technologies for the construction of a Lunar base. The European Space Agency has long celebrated the concept of an international “moon village.”

Commercial development of the Moon will not only incentivize new economic and business opportunities through space tourism, resource mining and more—but speaks to humanity’s impulse to pioneer and venture into uncharted territories, and generate ground-breaking scientific knowledge about our universe. To make it happen NASA is leaning into private-public as well as international partnerships. The democratization of “new space” has enabled multiple startups to competitively disrupt the aerospace industry, driving the costs of spaceflight downwards to where commercial space travel has now become a new reality.

Mars, on the other hand, presents a host of even more daunting challenges for human spaceflight. Communications latencies, the harsh radiation environment, and the prohibitively expensive costs of launching habitat elements and other types of infrastructure to the red planet are forcing us to rethink not only how will we get there (e.g. transportation), but also how will we sustain and support the first four, then twelve, then one-hundred crewmembers? What will future Martian cities be and how will they be built? How will they enable human beings to thrive in a fundamentally hostile environment? What will our food, water and air resources be? Designing technologies the way we have been prior to this moment simply will not cut it. In this talk we explore the emerging field of sustainable construction on Mars, how it is changing the landscape of building on Earth, and how it paves the way for imagining the unimaginable: how humanity’s life off-world will truly unfold.
10:30 AM - 11:00 AM

Networking Break and Vendor Showcase

11:00 AM - 11:20 AM

Track One

Making the Jump to Light Speed - The Continued Evolution of the Software Security Framework

Presented by: Jake Marcinko, Senior Manager, Solution Standards, PCI Security Standards Council

Join Jake Marcinko, Sr. Manager of Solution Standards, for a fun and informative look at the next phase of development for the PCI Software Security Framework... and why Han Solo may understand the need for software security better than any of us. The discussion covers how famous quotes from Han Solo have relevance to modern software development and software security issues, and how planned updates to SSF will help to address these emerging issues.

Track Two

PCI Perspective from an Industry Newcomer

Presented by: Elizabeth Terry, Senior Manager, Community Engagement, PCI Security Standards Council

As a newcomer to the payments industry, Elizabeth Terry holds great insight on her experience, observations, and thoughts on how to work towards creating successful relationships with the Council and the industry in a remote environment. Join Elizabeth Terry as she discusses key points in how to get involved, navigating the PCI SSC standards & documentation, building relationships and community in the payments industry, and making the most of the PCI SSC Community Meeting.

11:25 AM - 11:45 AM

How to Anticipate the Advent of the Quantum Computer

Presented by: Oscar Covers, Chairman of the security working group of the European Card Payment Association (ECPA SWG), European Card Payment Association (ECPA)

Quantum computing is a fundamental research area that is progressing quickly. This technology is expected to have a profound impact on many of the world’s largest markets and will potentially also pose a great threat to cryptography as we know it. As a financial sector, it is key to understand to what extent advances in quantum computing affect the security of the core banking & payment services. There is still much uncertainty about quantum computing, but there are also a couple of certainties.

Managing Third-Party Vendor Security From the Business Perspective

Presented by: Kara Gunderson, PCIP, Director Payment Card Operations, Citgo Petroleum Corporation; Greg Luna, Sr. Legal Corporate Counsel, CITGO Petroleum Corporation and Todd McClelland, Partner, Attorney at Law, McDermott Will & Emery LLP

As recent security incidents demonstrate, third party service providers can cause significant cyber risks. Knowing this, what should a company do to mitigate and manage this risk? Our panel will address this issue by focusing on business aspects of security through the contracting process with service providers. We will discuss best practices to explore the security posture of a prospective vendor, including suggestions for additional cyber-related contract provisions.
11:50 AM - 12:10 PM

Catch Compliance in Your Web: How Mapping Untangles Your PCI Requirements

Presented by: David Friedenberg, QSA, PCIP, CISSP, CISA, CRISC, Senior Manager, Weaver and Brittany George, QSA, CISA, CISM, Partner, Weaver

In this session, we will explore how to accomplish the goal of reducing the headaches that come when multiple compliance initiatives are required. When compliance outside of PCI is also mandatory for regulatory requirements and/or industry frameworks such as NIST, ISO, HITRUST, SOC, SOX, etc., how can mapping exercises demonstrate assurance and highlight an organization's control environment across a variety of frameworks? We will explore ways to effectively address the compliance web.

Understanding the Role of 3rd Party Resellers

Presented by: Nathan Sweaney, Security Advisor, Secure Ideas

Integrators & resellers are often stuck between a complex standard and small merchants who may not understand security basics. Resellers want to protect their clients and provide compliant solutions and often must help SMBs with their security over compliance. This session will outline the challenges that impact the majority of SMB PCI environments that are installed and maintained by 3rd party resellers. That community is driving PCI compliance at Level 4 and must be included in the conversation.
12:15 PM - 12:35 PM

Clear Skies Ahead: Enabling the Business to Migrate PCI Workloads to the Cloud at Scale

Presented by: Jonathan Glass, MSIS, CISSP, Director Cloud Security, Global Payments; Kristine Harper, PCI DSS QSA, Sr. Assurance Consultant, AWS Security Assurance Services, LLC. and Avik Mukherjee, Sr. Security Consultant, Amazon Web Services (AWS)

With cloud migrations growing exponentially, how does PCI compliance keep up with the pace? Listen to a case study about transforming your PCI compliance strategy into one that is scalable, enabling the business to rapidly migrate workloads to the cloud efficiently and securely. Discover how layered compliance models and cloud concepts can support high rates of compliant migrations. Learn how others have leveraged cloud-provided efficiencies to minimize audit fatigue and resource constraints.

Solving PCI DSS v4.0 Challenges With Confidence

Presented by: Matthew Arntsen, CISSP, CISA, QSA, North American Payment Security Practice Director, Verizon Business Consulting Services – Cyber Security Consulting

An overview of the 2022 Payment Security Report - 165 pages of the latest groundbreaking insights. The key to PCI DSS v4.0 compliance and data security success: focus! You need a method to focus on clearly defined goals and objectives, stop being busy with tasks that don’t promote sustainable control effectiveness, and overcome constraints. This session reveals details on how to succeed - an exact method for logically solving security compliance complexities and improving performance maturity.

12:35 PM - 1:35 PM

Networking Lunch

Vendor Showcase

1:35 PM - 1:55 PM

Track One

How to Manage Your PCI DSS Scope (Even When It’s Always Changing)

Presented by: Peggy Nolan, CEO, Payment Card Assessments

At the beginning of any PCI DSS assessment (or if you’re just starting your PCI Sustainability journey), it’s critical that you start with scope. Why? Understanding and knowing your scope is where you begin to create, build, and maintain a continuous PCI DSS Compliance program. If you don’t have a firm grasp on what’s in scope for assessment, being able to complete a self-assessment or, if you’re a level 1 merchant, a mandatory Report on Compliance is next to impossible.

Track Two

Preventing Data Breaches: Insights From Real PFI Cases – A Panel Discussion

Moderated by: Brandy Cumberland, Director of Program Quality, PCI Security Standards Council

Panelists: Kevin Bong, Cybersecurity Director, Sikich LLP; Chris Hague, Divisional Head – Technical Services (DFIR, TIG, SOC), Foregenix, Inc. and Héctor Guillermo Martínez, President, GM Sectec

Join this engaging conversation to learn how to avoid breaches based on the panelists’ experiences. PCI SSC will share overall trends in PCI Forensic Investigators (PFI) cases including how failures to meet specific PCI DSS requirements have contributed to breaches, with PFIs sharing insights into deficiencies they’ve seen exploited and advice on how to avoid similar pitfalls.
2:00 PM - 2:20 PM

Training for Gold: How to Make PCI DSS Assessments Stress-Free

Presented by: Boyd Clewis, CISSP, CISA, CCSK, PCIP, QSA, VP & Chief Information Security Officer, Baxter Clewis Consulting; Tiana Clewis, CPA, CIA, President & Chief Executing Officer, Baxter Clewis Consulting and Scott Davis, CISSP, CISA, PCIP, Senior PCI Assessor, Frazier & Deeter

When you’re not prepared, every PCI DSS assessment can seem like a “fire drill.” Unfortunately, many companies make the mistake of investing in tools and technology instead of educating those who manage them. In this presentation, Boyd and Tiana Clewis will demonstrate how companies of all sizes can achieve and maintain PCI DSS Compliance with employee training and developing internal processes.

Are Your Cyber Security Walls Future Proof?

Presented by: Brian Odian, CISM, CRISC, PMP, QSA, CDPSE, ISO27001 IA, Director – APAC Consulting Advisory Services, VikingCloud

The cyber landscape is always evolving. Greater threats are coming through advancements such as IoT, AI and Quantum Computing. While these advancements are positive, they can come at a cost to cybersecurity. With an ever-increasing surface area for cyber criminals to attack, enterprises need to shift their mindset away from 100% protection, all the time. Organizations who haven’t already done so need to shift from “protection” to “detection and response” because depending on tall security walls to protect your environment isn’t going to cut it anymore.
2:25 PM - 2:45 PM

Mainframes Ransomware and PCI Requirements

Presented by: Allen Saurette, Thought Leader, VP Business Development, MainTegrity, Inc.

Mainframes still process 87% of credit card transactions (IBM 2018) yet get scant attention from PCI Audits. The new scourge of the internet, ransomware, can be perpetrated as easily on mainframes as any other platform. This presentation discusses catastrophic exposures that exist on nearly every mainframe system and how substantial risk reduction can be accomplished by enforcing existing PCI requirements.

Leveraging PCI ISAs in Your Organization to Scale the Effectiveness of Your Compliance Program

Presented by: Walid Barakat, Senior Vice President, IT Governance, Risk and Compliance, Global Payments and Todd Davenport, Director, GRC, Global Payments

Organizations today find increasing challenges in managing compliance with greater environment complexity and limited compliance staffing. Learn how an organization has effectively scaled its compliance team’s effectiveness through the use of embedded Internal Security Assessors across the IT landscape. Identify how to gain executive leadership sponsorship for top down compliance program accountability. Discover how compliance efficiency can manifest through compliance education.
2:50 PM - 3:10 PM

X9.143 and PCI PIN Compliant Key Blocks

Presented by: Richard Kisley, PCIP, X9.org, ISO, HSM Chief Engineer, IBM Corporation

In 4Q2020 PCI SSC introduced detailed requirements for secure key blocks, referring to ASC X9 TR-31. This session takes you through the important features of ANSI X9.143, the new U.S. national standard for secure key blocks in payment applications, based on ASC X9 TR-31. Join to understand the features that can significantly enhance your key management security and ease your key management headaches. Learn also the security and pitfalls of the key block, especially relating to ISO 20038.

The PCI DSS Program: Take Control of the Controls

Presented by: Jeni German, CISA, CDPSE, PCIP, Senior Digital Analyst, WM

The PCI assessment is a once-a-year exercise meant to ensure that PCI Data Security Standard requirements are being met. A PCI program is more than a collection of processes running independently; it is meant to be one continuous process, composed of all the people, processes, and technology that intertwine to make effective controls. Creating a continuous process requires 1) engaging the right people, 2) understanding the timing requirements of the controls and the assessment, and 3) optimizing the PCI evidence responses with other workflows. Building a PCI program is an evolving process, and will scale to our quickly changing business processes and digital environments. Let me share some things I have found useful on my own path to a business-as-usual PCI Program.

3:10 PM - 4:10 PM

Networking Break and Vendor Showcase

Take advantage of the extended time to reconnect in person with our vendors!

4:10 PM - 4:30 PM

Track One (Tech Demos)

The Rising Threat of Eskimming and What to Do About It

Presented by: John (JB) Bartholomew, Senior VP of Technology, SecurityMetrics

E-commerce skimming impacts thousands of online retailers and results in the loss of millions of dollars. 25-year veteran in Tech, John Bartholomew (SVP of Technology), will use data from over 500 forensic investigations to show why eskimming is on the rise, as well as the technical and financial threats of eskimming and formjacking. He will cover how hackers are developing more sophisticated eskimming techniques, including a new way that cyber criminals are hacking iframes that are undetectable by current security tools.

Track Two (Tech Demos)

Why Software Still Stinks and What You Can Do About It!

Presented by: Ed Adams, Chief Executive Officer, Security Innovation

Ever wish someone explained cyber attacks/hacks in plain language, using easy to understand metaphors, and made you laugh while doing it? Well, here it is. Come watch me hack a live cloud application and explain 5 top attacks. Fun!
4:40 PM - 5:00 PM

Foundational Network Configuration Security - Zero Trust and PCI DSS 4.0 Assurance at Scale

Presented by: Ian Robinson, Chief Architect, Titania, Ltd.

Foundational network configuration security for Zero Trust and PCI DSS 4.0 assurance at scale. We consider some best practices for embedding security as a continuous process to address the fact that CDEs change on a daily basis, including network segmentation, abandoning sampling, and adopting a zero trust approach. Titania will share how the new-to-market capabilities of Nipper Enterprise enable network owners to accurately automate security & compliance assessments of every router, switch and firewall in a network on up to an hourly basis. See how the continuous view of actual security and PCI DSS compliance that it provides gives users the assurance that networking devices are performing as intended, that CDEs remain protected from preventable attack, and that payment card data is safe.

A-LIGN's Compliance Management Platform, A-SCEND, Launches Exciting New Features That Expedite PCI DSS Compliance

Presented by: John Baughman, Senior Account Executive, A-LIGN and Dustin Rich, Director and PCI DSS Practice Lead, A-LIGN

Learn how you can streamline the PCI DSS audit process with automated evidence collection, policy and procedure management, and continuous monitoring, all now available from A-LIGN's end-to-end compliance platform, A-SCEND.
5:10 PM - 5:30 PM

Managing PCI Compliance Doesn’t Have to Suck

Presented by: Todd Coshow, Head of Business Development, Total Compliance Tracking and Jon Dotson, Head of Product, Total Compliance Tracking

Managing compliance is challenging and costly. If you're using a combination of spreadsheets, email and file storage systems to manage your compliance or are subject to more than PCI DSS - there's a better way. No need to revamp your internal systems when PCI DSS v4.0 arrives - have your system do the heavy lifting for you. All of your data in a single place, improved efficiency for your internal team, proactive reminders of upcoming compliance tasks, automated report generation and more. Discover a better way to manage compliance with a cost effective compliance management system built by compliance professionals.

Solve Some of the Most Complex Requirements of PCI DSS 4.0 With the Best Cybersecurity Technology You’ve Never Heard of

Presented by: Paul Grover, Managing Director, Confide Limited and Derek Schenk, CTO, Datex

As a Participating Organization of the PCI SSC, and as a Service Provider Level 1 audited organization, DataStealth knows a thing or two about PCI DSS. Our groundbreaking, patented cybersecurity software has been proven to help any organization comply with the PCI Data Security Standards. PCI DSS 4.0 requires organizations to: “validate code/scripts on payment pages”, “add change/tamper mechanisms for payment pages”, and “confirm the scope of the cardholder data environment to your QSA, including the ability to detect payment cards where they do not belong”. DataStealth does all that, and more, without the need for any code changes, API integrations, agent installs, or other modifications or disruptions to your applications or IT environment. Sounds too good to be true? Join our Tech Exchange session to see how we do it and you’ll also hear from a QSA about how one of their customers already uses DataStealth to meet all the requirements well in advance of the 2025 deadline.

5:40 PM - 6:00 PM

JavaScript Integrity: The New Attack Surface

Presented by: John Elliot, Security Advisor, Jscrambler

Our presentation demonstrates how malicious JavaScript can skim cardholder data from payment form fields. We will show how Jscrambler's Webpage Integrity protects the payment page, and therefore the consumer, by: Creating a dynamic inventory of all scripts; Monitoring, in real-time, the integrity of each script on the page, guaranteeing that all of them are performing as intended and have not been tampered with; Preventing the execution of the malicious script and defeating the attack; Alerting the website owner in and identifying the source of the malicious script. Jscrambler's Webpage Integrity meets the new requirements 6.4.3 and 11.6.1 in PCI DSS v4, which were designed to ensure the integrity of payment page scripts and to detect tampered scripts in the consumer's browser.
6:00 PM - 7:30 PM

Networking Reception and Vendor Showcase

Thursday, September 15

8:00 AM - 12:00 PM

Registration Open

General Sessions

Emceed by: Sherron Burgess, Senior Vice President and Chief Information Security Officer, BCD Travel; Board Member and Vice President, Strategic Development, Cyversity

9:00 AM - 9:15 AM

Welcome Remarks

Presented by: Sherron Burgess, Senior Vice President and Chief Information Security Officer, BCD Travel; Board Member and Vice President, Strategic Development, Cyversity

9:15 AM - 10:30 AM

Embracing the Journey to PCI DSS v4.0

Presented by: Emma Sutcliffe, SVP, Standards Officer, PCI Security Standards Council

Seismic Change or a Mere Ripple: Changes to Reporting for PCI DSS v4.0

Presented by: Brandy Cumberland, Director of Program Quality, PCI Security Standards Council and Kandyce Young, Manager, Data Security Standards, PCI Security Standards Council

This session will help you understand changes made to reporting documentation to reflect PCI DSS v4.0 updates and how those changes support security as a continuous process. In this session, PCI SSC will discuss updates to the SAQs, ROCs, and AOCs.

Understanding the New Customized Approach: Separating Fact From Fiction - A Panel Discussion

Moderated by: Lauren Holloway, Director, Data Security Standards, PCI Security Standards Council

Panelists: Marc Bayerkohler, Standards Trainer, PCI Security Standards Council; Brandy Cumberland, Director of Program Quality, PCI Security Standards Council and Tom White, Senior Manager, Content Development, PCI Security Standards Council

Change can be hard, but it doesn't have to be. Understanding the intent behind changes to PCI DSS v4 is key, and in this session, members across PCI SSC will do some myth-busting and clarify aspects of the new Customized Approach in PCI DSS v4.0 to help you understand whether it is right for your organization.
10:30 AM - 11:00 AM

Industry Keynote - The Payment Threat Landscape: Today and Tomorrow

Presented by: Confidence Staveley, Award-winning Cybersecurity Professional, Cybersecurity Awareness and Inclusion Advocate, CyberSafe Foundation Founder and Executive Director, CyberSafe Foundation

As the world becomes more digitally connected and the drive for financial inclusion grows, the payment threat landscape has also expanded. In this session, we explore the connection between the African payment threat landscape and the rest of the world, showcasing creative ideas for driving user-centric cybersecurity awareness campaigns and signposting predictions for the future of payments globally.
11:00 AM - 11:30 AM

Networking Break and Vendor Showcase

11:30 AM - 11:50 AM

Track One

Current Cyber Threat Landscape

Presented by: Dr. Berny Goodheart, Manager, Lab Programs, PCI Security Standards Council

This session will inform security professionals about some of the current threats and review the latest cyber threats currently being tracked in the Cyber Community. We will discuss the provenance surrounding new threats, what to look out for, examples of the new age of ransomware, and how phishing attacks are evolving.

Track Two

Mobile Payments Update

Presented by: Andrew Jamieson, VP, Solutions, PCI Security Standards Council

Join this session to hear about the general evolution in mobile payments/security. We will also cover the evolution of SPoC, CPoC to MPoC, an overview of MPoC structure, RFC highlights, and transition and programmatic considerations.
11:55 AM - 12:15 PM

Balancing Technology and Cyber Risks – The Future of Payments is Mobile

Presented by: Dharshan Shanthamurthy, CEO, SISA

With the exponential rise of Digital Payments, this session will look at what’s coming in the next decade: a preview of how increasing demand will lead to increased momentum towards flexible payment solutions, contactless payments, etc. We will also cover the major vulnerabilities and risks associated with mobile payments and conclude with the 5 best practices organizations must consider to improve and secure their payment transactions.

Malicious, Suspicious, and Concerning Trends in E-commerce - A Panel Discussion

Moderated by: John (JB) Bartholomew, Senior VP of Technology, SecurityMetrics

Panelists: Brad Caldwell, CEO, SecurityMetrics; Dave Ellis, Vice President of Investigations, SecurityMetrics and Chad Horton, Senior Director of Penetration Testing, SecurityMetrics

The increase in e-commerce has led to a corresponding increase in e-commerce attacks. Currently, around 85% of our investigations are e-commerce attacks. This panel will examine the top identified concerning, suspicious, and malicious vulnerabilities discovered on e-commerce website shopping carts. In 2021, SecurityMetrics analysts identified malicious issues on 25.3% of investigated e-commerce sites. The purpose of this panel is to educate the industry on the need to secure their shopping carts.

12:20 PM - 12:50 PM

Navigating PCI Payment Solutions

Presented by: Andrew Jamieson, VP, Solutions, PCI Security Standards Council and Jake Marcinko, Senior Manager, Solution Standards, PCI Security Standards Council

Learn about how the different PCI validated products/solutions work together in the environment:
  • Different models/approaches
  • Risk considerations
  • Impact on each other in the same environment
  • PCI DSS v4.0 considerations

Threats From the Dark Side – A Dark Web Tour From a PCI DSS Perspective

Presented by: Christopher Strand, PCIP, Chief Risk and Compliance Officer, Cybersixgill

Cybercriminals are moving at a staggering pace and have evolved on the deep and dark web to take advantage of vulnerabilities in sophisticated new ways. Illicit dark web forums, access brokers, and hacking groups are among a few entities that hunt for valuable data and exploit it for nefarious purposes. In this session we will take an interactive tour of the dark web with examples of how dark web threat actors are positioning themselves to target PCI related data and systems.
12:50 PM - 2:00 PM

Networking Lunch and Vendor Showcase

General Sessions

2:00 PM - 2:20 PM

What’s in a Number? 8-Digit BINs and PCI Standards

Presented by: Emma Sutcliffe, SVP, Standards Officer, PCI Security Standards Council

Join this session to understand how the introduction of 8-digit BINs might affect your approach to truncation and masking, and how these approaches are supported by the PCI standards.
2:20 PM - 2:40 PM

Exploring What’s In Store With EMV® 3-D Secure

Presented by: Brian Byrne, Director of Engagement and Operations, EMVCo and Joel Weisz, Manager, Solution Standards, PCI Security Standards Council

EMV® Three-Domain Secure (EMV 3DS) and the PCI 3DS Core and 3DS SDK Standards are helping issuers, acquirers and merchants prevent fraud across e-commerce channels and devices. Join PCI SSC and EMVCo to learn why fighting online payment fraud is essential. Don’t miss this overview of EMV® 3-D Secure (3DS), as PCI SSC and EMVCo explore the latest technical developments, and present the evolving PCI 3DS Core and 3DS SDK Security Standards and how they complement the EMV® 3DS Specification.
2:40 PM - 3:10 PM

Top 5 Ways to Engage With PCI SSC and the Community

Presented by: Lindsay Goodspeed, Senior Manager, Corporate Communications, PCI Security Standards Council; Mark Meissner, SVP, Education & Engagement Officer, PCI Security Standards Council and Elizabeth Terry, Senior Manager, Community Engagement, PCI Security Standards Council

Join us to learn about the top 5 ways to engage with PCI SSC and the community, including the extensive PCI DSS v4.0 resources and the growing list of engagement opportunities – all developed to make an impact and educate our community members about safe payments worldwide.

3:10 PM - 3:15 PM

Closing Remarks

Presented by: Mark Meissner, SVP, Education & Engagement Officer, PCI Security Standards Council

3:30 PM - 5:30 PM

Assessor Session (QSAs, ISAs, ASVs, PFIs, QPAs, CPSAs, SSF, P2PE, 3DS assessors only)

As an active assessor in the PCI SSC programs, join us for a special session to hear industry best practices, recent case studies, Council updates, live Q&A and networking opportunities with your peers.