Join us for three days of connecting, discovery, updates from the Council, regional community speakers, merchants, industry experts, and more.

Schedule subject to change – Continue to check back for updates and session details

Registration Now Closed

Tuesday, 24 October

09:00 - 18:00

Registration Open

09:00 - 13:00

Vendor Showcase Grand Opening

13:00 - 13:20

Community Meeting Kick-off

Presented by: Lance J. Johnson, Executive Director, PCI Security Standards Council

13:20 - 13:25

Emcee Welcome Remarks

Presented by: Jeremy King, Regional VP, EMEA, PCI Security Standards Council

13:25 - 13:55

PCI SSC - Where We Are Going & How We Are Getting There

Presented by: Andrew Jamieson, VP, Solutions, PCI Security Standards Council and Emma Sutcliffe, SVP, Standards, PCI Security Standards Council

PCI SSC is more than Mobile and DSS. Join this session to see the direction the Council is taking in all of the areas of the ecosystem that the standards are involved in.

13:55 - 14:15

Skimming Prevention, Best Practices for Merchants

Presented by: Tim Cormier, Director, Lab Validation Programs, PCI Security Standards Council and Dr Berny Goodheart, Manager, Lab Programs, PCI Security Standards Council

This presentation highlights the information in the guide and how the guide uses real-world attacks and solutions to address current merchant problems. The problems remain the same, and the guidance document is a great resource for merchants of all sizes, providing some basic physical security procedures. The presentation will be updated to include mobile and the risks associated with those solutions. The goal is to educate merchants and to give QSAs a resource to provide to their customers.

14:15 - 15:00

KEYNOTE: The Art of the Steal

Presented by: Bob Arno, Professor of Pickpocketry

15:00 - 15:30

Networking Break and Vendor Showcase

VIP Meet and Greet Add On Experience Featuring Keynote: Bob Arno, Professor of Pickpocketry

For an additional fee, attend this intimate Meet and Greet Reception. This is a great opportunity to engage with our keynote and ask them any lingering questions. To add this experience, simply go to your registration confirmation email and click “Modify Registration”. You may need to verify your registration first, then navigate to the “Meet and Greet Add-on” option to purchase this great opportunity. If you haven’t registered yet, be sure to add on this experience when registering!

15:30 - 16:00

Tips to Successfully Work Through Your PCI DSS v4.0 Transition - A Panel Discussion

Moderated by: Emma Sutcliffe, SVP, Standards, PCI Security Standards Council

Panelists: Katie Cowman, PCI ISA & PCIP, PCI Assurance Manager, Barclaycard; Josh Knopp, Chief Information Security Officer, Enterprise Holdings and Tomás Perlines, Head of Payment Security, Schwarz IT KG

Hear from some of the world’s largest retailers on how they are successfully working through the unique challenges of implementing PCI DSS v4.0.

16:00 - 16:20

PCI DSS v4.0 - Part 1
What’s New: Top FAQs, Resources, Q&A, Guidance Column, etc.

Presented by: Marc Bayerkohler, Standards Trainer, PCI Security Standards Council; Tom White, Senior Manager, Content Development, PCI Security Standards Council and Kandyce Young, Manager, Data Security Standards, PCI Security Standards Council

16:20 - 16:40

PCI DSS v4.0 - Part 2
All About INFI

Presented by: John Bloomfield, Manager, Data Security Standards, PCI Security Standards Council and Matt O’Connor, Director, AQM, PCI Security Standards Council

16:40 - 17:00

PCI DSS v4.0 - Part 3
What Do I Need to Do In The Next 6 Months? 15 Months?

Presented by: Lauren Holloway, Director, Data Security Standards, PCI Security Standards Council

17:00 - 17:20

How AI Will Impact PCI DSS Assessments in the Future

Presented by: Eric Sampson, QSA, CISSP, CISM, CISA, CIPP/US, Senior Manager, Schellman

As the field of information technology (IT) continues to evolve and advance, it is becoming increasingly important for PCI DSS assessors to stay up-to-date with the latest technologies and techniques. One area of technology that is particularly relevant to the future of PCI DSS assessments is artificial intelligence (AI). In this presentation, we will discuss how PCI DSS assessors should prepare to take advantage of future AI capabilities.

17:20 - 17:30

Day 1 Closing Remarks

17:30 - 19:30

Welcome Celebration

All are welcome! Don’t miss this taste of the city and kick-off networking opportunity! This reception will be held at the Convention Centre Dublin.

Wednesday, 25 October

09:00 - 18:00

Registration Open

09:30 - 09:35

Welcome Remarks

Presented by: Jeremy King, Regional VP, EMEA, PCI Security Standards Council

09:35 - 09:55

When a Hacker Comes Knocking: Vulnerability Disclosure, Bug Bounties, and PCI

Presented by: Ilona Cohen, Chief Legal Officer, Chief Policy Officer, HackerOne, Inc and Harley Geiger, JD, MA, CIPP/US, Counsel and Senior Director, Venable, LLP

A hacker contacts your organization. They say they have found a major vulnerability in your software. What should you do? Are you under attack? What if the hacker asks for a “donation”? Vulnerability disclosure policies (VDP) and processes are increasingly built into regulations and standards, including PCI v4.0. This presentation will provide an overview of vulnerability disclosure best practices, differences between VDP and bug bounties, and how these practices fit within PCI 4.0 compliance.

09:55 - 10:40

Industry Keynote: Social Engineering and "Hacking the Humans"

Presented by: Jenny Radcliffe, People Hacker and Social Engineer

10:40 - 11:10

Networking Break and Vendor Showcase

VIP Meet and Greet Add On Experience Featuring Industry Keynote: Jenny Radcliffe, People Hacker and Social Engineer

For an additional fee, attend this intimate Meet and Greet Reception. This is a great opportunity to engage with our keynote and ask them any lingering questions. To add this experience, simply go to your registration confirmation email and click “Modify Registration”. You may need to verify your registration first, then navigate to the “Meet and Greet Add-on” option to purchase this great opportunity. If you haven't registered yet, be sure to add on this experience when registering!

11:10 - 11:50

Track One

We Can Rise, Only by Lifting Others - A Panel Discussion

Moderated by: Tracey Long, VP, Programs, PCI Security Standards Council

Panelists: Natasja Bolton, Client Engagement Manager (QSA), Viking Cloud; John Elliot, Security Advisor, JScrambler; Candice Pressinger, BA Hons, MSc, GDPR Practitioner, Director - Customer Data Security, Elavon Merchant Services/US Bancorp and Simon Turner, Senior Manager Security Governance & Compliance, British Telecommunications Plc

Successful people in payments should ALWAYS be willing to help others on their climb. The panelists share their personal experiences of helping and supporting each other and others in the payments industry, noting that your network is your greatest asset: you give, and you get in equal measure. Your network and colleagues in payments are not just the people you work with; they are the wider PCI Community, and everyone needs to recognise that ‘WE [as an industry] CAN RISE, ONLY BY LIFTING OTHERS’.

Track Two

Keep Calm & Simplify: Contact Centre Best Practices in the Era of PCI DSS v4.0

Moderated by: David Swift, Channel Sales Director, PCI Pal

Panelists: Geoff Forsyth, Chief Information Security Officer, PCI Pal; Ciske Van Oosten, Head of Global Business Intelligence, Verizon and Ron Tosto, MBA, QSA, CISSP, CISA, CEO, Servadus

The contact centre is continuously evolving, and PCI DSS 4.0 brings with it requirements that cover that ever-changing contact centre environment. In this panel session, industry leaders Verizon, PCI Pal, and Servadus address contact centre best practices in the wake of the updated regulation, while keeping contact centre priorities front and center. We will speak to some of the greatest impacts and action items for organisations leading up to the deadlines set forth in the latest version of the Standards, and how to position your organisation to come out ahead. Join us as we look at best practices and emerging technologies that will shape the payment security industry.

11:55 - 12:35

The Journey to Harmonisation: Successful Alignment of PCI Assessments in a Global Enterprise Environment

Presented by: Christopher Kristes, Executive Board Member, Head of Security Audits & PCI, usd AG and Isil Ugurlu, ISA-v4, CISM, Head of Worldline Group PCI Program, Worldline

The world of modern global enterprises is one of frequent changes. Mergers, acquisitions and different local environments complicate any group-level certification project such as PCI DSS. How can PCI procedures, policies and assessments be aligned across all group entities and scopes to conquer these challenges, especially with PCI DSS v4.0 on the horizon? Together, Worldline and usd have embarked on this journey to harmonisation and are here to share their story from both perspectives.

PCI SSC and EMVCo Mobile Security and Standards Update

Presented by: Arman Aygen, Director of Technology, EMVCo and Andrew Jamieson, VP, Solutions, PCI Security Standards Council

Join this session to explore EMVCo’s work on mobile payment acceptance and PCI SSC’s work regarding security.

12:35 - 14:00

Networking Lunch and Vendor Showcase

14:00 - 14:20

Track One

What is New for the PCI DSS v4.0 SAQs

Presented by: John Bloomfield, Manager, Data Security Standards, PCI Security Standards Council and Lauren Holloway, Director, Data Security Standards, PCI Security Standards Council

This session will focus on the following: new SAQ guidance issued in 2023; the new SAQ SPoC compared to SAQ P2PE; what has changed in the SAQs; SAQ A – what’s with those new requirements?; and what’s new for SAQ D for SPs.

Track Two

Mobile Payment Reverse Engineering and Security Invasion - Live Demo

Presented by: Dr Obadare Peter Adewale, Chief Visionary Officer, Digital Encode Limited

This session is structured to highlight mobile payment infrastructures, mobile payment services, mobile payment provisioning, mobile payment architectures, and mobile payment security threats. There will be a live demo of how an attacker can use a combination of different tools like an emulator, decompiler, bytecode instrumentation, dependency analyzer, and structured analysis to digitally invade a mobile platform if there are inherent vulnerabilities.

14:25 - 14:45

The Challenges of Managing e-Commerce JavaScript

Presented by: John Elliot, Security Advisor, JScrambler

Taking control of JavaScript is essential for entities wanting to meet the new requirements in PCI DSS v4 designed to prevent and detect ecommerce skimming attacks. This isn’t as easy as it sounds because it typically needs people and processes, as much as technology. We’ll explore the changes in business processes needed to manage JavaScript and also consider the pros, cons, and challenges of differing technical solutions that determine the way that scripts are approved.

Software Security Framework: Explaining the Web Software Module Through Analogy and Music

Presented by: Jake Marcinko, Senior Manager, Solution Standards, PCI Security Standards Council

Please join Jake Marcinko, Sr. Manager, Solution Standards, PCI SSC for a musical journey through the Secure Software Standard: Web Software Module. This session uses musical analogies to explain important software security principles and the new Web Software requirements that are intended to enforce those principles.

14:50 - 15:10

Mind the Gap: PCI DSS v4.0 vs v3.2.1

Presented by: Johan van Zyl, QSA, P2PE Assessor, PFI Core, Managing Director, Risk X Data Assurance Pty Ltd

With the PCI DSS v3.2.1 sunset fast approaching, Johan will speak about the wins, failures, and lessons learnt during 15+ PCI DSS v4.0 assessments and present a practical breakdown of the major differences between the two Standards experienced by his clients and assessors. He will also expand on the importance of early socialization of the new Standard. Attendees will gain real-life insights into what works and what doesn't, and the impact v4.0 has on the assessed client and their assessor.

Elevating Security: A Case Study in Moving Payment Cryptography to the Cloud

Presented by: Adam Cason, VP of Global and Strategic Alliances, Futurex and Steve Wilson, Senior Consultant, Encryption Services, Global Payments

Hardware security modules (HSMs) are crucial to PCI ecosystems and their deployment in As-a-Service environments is increasingly recognized. However, many organizations lack firsthand experience in this area.

This case study details the migration of a large payment processor’s security & key management infrastructure to the cloud. Presented with a broad, universally relevant framework, attendees will be equipped with battle-tested best practices that can be applied to their own organization.

15:15 - 15:35

Maintaining Security and Compliance When Insourcing Digital Workplaces

Presented by: Jana Ehlers, Division Manager & QSA, SRC Security Research & Consulting GmbH and Ralf Wupper, Lead Consultant IT Security, Lufthansa Group

Deutsche Lufthansa AG decided to insource its digital workplace environment. Together with their QSA company, SRC Security Research & Consulting GmbH, they will give insights into the related planning, project management, and implementation, including challenges they were facing.

The Future of Cyber Security from Hackers Perspective: Building a Defensible Architecture Using PCI DSS

Presented by: Pak Ho Chan, Regional Head of Cyber Defence, APAC, THALES and Queenie Chen, Regional PCI Practice Manager, APAC, THALES

Transform your business in the new era of cyber security through the eyes of hackers. This session will give the audience an overview of several real-world hacking cases. Also, this session will highlight how PCI DSS, as a practical approach, can build a defensible architecture and uplift the capabilities for engaging adversaries in order to engineer out potential threats and ensure resilience.

15:35 - 16:05

Networking Break and Vendor Showcase

16:05 - 16:25

Track One

Third Party Service Providers – Forging a Quality Relationship

Presented by: Peter O’Sullivan, Principal Information Security Consultant, Nettitude Ltd.

Service Providers are significant within the payment ecosystem, and their relationship with Merchants is essential in the protection of cardholder data. We will examine some of the common challenges and mistakes experienced by service providers and merchants from their respective sides. I’ll reference PCI DSS v4.0 and real-life problems observed in the merchant/service provider relationship, where, in a worst-case scenario, the Service Provider causes a Merchant to be non-compliant.

Track Two (Tech Demos are sponsored sessions)

SecurityMetrics: How to Protect Your Ecommerce Transactions: An Overview of PCI DSS v4.0 Changes for Ecommerce Sites

Presented by: Gary Glover, CISSP, CISA, QSA, VP Assessments, SecurityMetrics

This presentation explains why PCI requirement 11.6.1 was added in PCI 4.0. We will discuss changes made to the SAQ A, including why scanning was added and how it makes you more secure. We will use case studies from Shopping Cart Inspect to illustrate the threats these changes to the PCI standard are trying to resolve. Lastly, we will discuss solutions to PCI 11.6.1 as well as the SAQ A and introduce a timeline for acquirers and merchants to follow so that they can begin their compliance plan.

16:30 - 16:50

The Art of PCI Maintenance

Presented by: Paul Brennecker, CISM, PCI QSA, PFI, Head of Consulting, 3B Data Security Ltd

In this session, we will look at how the controls in PCI DSS v4.0 are more focused on PCI security as a continuous process, and what is required to manage compliance throughout the year. GRC is all around us now, and this is filtering down to merchants of all but the very smallest levels. Demonstrating security as a continuous process with programs such as PCI and GDPR can also help to reduce Cyber Insurance premiums, sometimes by more than the cost of the actual security program.

K3DES: Assessments in the Hybrid World of Remote and Onsite

Presented by: Howard Glavin, CISM, CRISC, CDPSE, QSA, CTGA, Executive Vice President, K3DES, LLC

As businesses have moved to a pure work-from-home and/or hybrid work environment, the ability to conduct a true assessment is becoming much more difficult. This session provides insight into how to make the assessment accurate and of value while dealing with the risks associated with a hybrid work environment. The session will also give insight into how to conduct interviews so that accurate data is received when the interviewees are not directly in front of you.

16:55 - 17:15

Target's PCI DSS v4.0 Journey

Presented by: Tony James, CISSP, CISA, CRSC, Director of Cybersecurity, Target

Hear Target's approach to prepare for and begin implementing PCI DSS v4.0. Learn tips and tricks you can still leverage as you finalize your own implementation.

Jscrambler: Securing Different Types Of Payment Pages From E-commerce Skimming Attacks

Presented by: Pedro Fortuna, CTO, Jscrambler

Attackers stealing cardholder data use different techniques based on the way payment pages are built. Our presentation will show real attack scenarios in 3 steps:
  • How the attack works
  • Show the attack against an unprotected payment form
  • Show the attack against a payment form, secured with Jscrambler technology
We’ll show different attack methods against different payment page builds, either where a payment form is directly embedded on a page or where it is embedded in a page using an iFrame.

17:20 - 17:40

The Evolution of Threats to Payments

Presented by: Pierre Chassigneux, Executive Vice President - Projects and Expertise Division, Cartes Bancaires CB

Threats to card payments are evolving and are directly linked to the digitalization of cards, to the growing use of Android for acceptance solutions, and to the hosting of all or part of the acceptance/acquisition solutions in the cloud. What are these new threats? How may/will some of the existing protections lose efficacy as payments evolve? And what additions should we make to the current PCI standards to maintain a good level of protection?

Titania: Continuously Viewing and Managing PCI DSS Compliance Through An Attacker’s Lens

Presented by: Ian Robinson, Chief Architect, Titania

PCI DSS v4.0 recommends abandoning sampling and regularly assessing network infrastructure (routers, switches and firewalls) to ensure organizations gain increased security from continuous compliance. Nipper Enterprise enables the shift from ad-hoc, sampled assessments to continuous compliance assurance for the Enterprise, enabling network owners to increase the coverage and cadence of network infrastructure assessments, prioritize remediation of non-compliances, and shut down real-world threats.

17:45 - 18:05

Understanding Roles in a Breach Scenario - A Panel Discussion

Moderated by: Brandy Cumberland, Director of Program Quality, PCI Security Standards Council

Panelists: Helen Huyton, Compliance Officer, Adyen and Benn Morris, Managing Director, 3B Data Security

Ever wondered what happens when account data is breached? Join us to hear about the latest trends around the world in reported account data breaches, and hear insight from key stakeholders about the roles and processes that take place when a breach occurs. Our panel of experts discuss aspects of account data breaches that many of us may be unaware of.

Total Compliance Tracking, LLC: Streamlining Complex Compliance Engagements

Presented by: Todd Coshow, Head of Business Development, Total Compliance Tracking and Jon Dotson, Head of Product, Total Compliance Tracking

Let's face it, managing compliance sucks. TCT has over a decade serving organizations in the compliance space that have complicated compliance engagements, and driving efficiency into managing all of the explanations and attachments required for these engagements across complicated workflows. TCT serves organizations subject to compliance through Assessors managing a multitude of Client engagements, across over 100 different compliance tracks. See a walk-through of how to make things better.

18:10 - 18:30

PCI Secure Software Standard Audit Readiness Approach & Best Practices

Presented by: Suraj Gyawali, Senior Solution Engineering Manager, Evo Payments

In the talk, Suraj will take you through the journey and the approach that he has laid out to prepare for PCI Secure Software Standard audit readiness, in the context of transitioning from PA-DSS to S3. He will highlight the best practices and share samples of the template he built.

Key areas of focus:
  • Awareness to executive leadership team
  • Build Critical Assets Register – identifying sensitive data, security controls, sensitive resources.
  • Application Gap analysis, and application enhancements
  • Technical documentation

Advantio: Cyber Risk Based Approach to the Management of a Merchant Portfolio

Presented by: Richard Jones, Business Development Director, Advantio

Advantio’s ZeroRisk technology enables MSPs to rapidly cyber risk profile any merchant with an internet domain, thus enriching PCI DSS compliance management duties with practical security insights. By aggregating risk scores with business intelligence, MSPs can instantly see which merchants represent the greatest risk from a range of perspectives. The goal is to establish an increased level of cyber maturity across SMB merchants by highlighting, explaining, and quantifying what risks they may be running.

18:30 - 20:00

Networking Reception and Vendor Showcase

Thursday, 26 October

09:00 - 12:00

Registration Open

09:30 - 09:40

Welcome Remarks

Presented by: Jeremy King, Regional VP, EMEA, PCI Security Standards Council

09:40 - 10:00

Unleashing the Power of Participation with PCI SSC

Presented by: Lindsay Goodspeed, Senior Manager, Corporate Communications, PCI Security Standards Council and Elizabeth Terry, Senior Manager, Community Engagement, PCI Security Standards Council

Learn how you and your organization can make the most of your participation with the Council. This presentation will reflect feedback we have received from you, the PCI SSC community, and demonstrate how the Council uses this feedback to implement changes to benefit you and global payment security.

10:00 - 10:45

Keynote: Above All Else - The Power of Passion

Presented by: Jamie Clarke, Professional Olympic-Level Performance Coach and Expedition Leader

10:45 - 11:15

Networking Break and Vendor Showcase

VIP Meet and Greet Add On Experience Featuring Keynote: Jamie Clarke, Professional and Olympic-Level Performance Coach, Expedition Leader, Business Builder, and Master Motivator

For an additional fee, attend this intimate Meet and Greet Reception. This is a great opportunity to engage with our keynote and ask them any lingering questions. To add this experience, simply go to your registration confirmation email and click “Modify Registration”. You may need to verify your registration first, then navigate to the “Meet and Greet Add-on” option to purchase this great opportunity. If you haven't registered yet, be sure to add on this experience when registering!

11:15 - 11:35

PCI SSC Special Interest Group Update

Presented by: Kristine Harper, PCI DSS QSA, Principal Assurance Consultant, AWS Security Assurance Services, LLC.; Steve Porter, CISSP, QSA, QPA, GPEN, GWAPT, GICSP, GMOB, GCIH, GSNA, GSEC, CEO/ Founder, Secured Net Solutions Inc. and Kandyce Young, Manager, Data Security Standards, PCI Security Standards Council

11:35 - 12:05

Making the Payments Industry Stronger – A Panel Discussion

Moderated by: Mark Meissner, SVP, Education & Engagement, PCI Security Standards Council

Panelists: Naveed Islam, Chief Information Security Officer, Dojo; Jeremy King, Regional VP, EMEA, PCI Security Standards Council; Simon Turner, Senior Manager Security Governance & Compliance, British Telecommunications Plc and Jo Vane, InfoSec Compliance Director, Checkout.com

There are so many ways to engage with the PCI SSC. In this panel discussion, you will hear from PCI SSC Board of Advisors and Principal Participating Organization members about the various ways they have engaged with the PCI SSC and how payment stakeholders can have a voice in the development of standards and programs. You will also want to hear about the new benefits associated with being active with the PCI SSC and then make your plan to get more involved.

12:05 - 12:25

Bridge the Gap: Speak the Same Language As Your Assessor - A Panel Discussion

Moderated by: Elizabeth Terry, Senior Manager, Community Engagement, PCI Security Standards Council

Panelists: Heidi Babi, PCIP, ISA, CISSP, PCI Security & Assurance Sr Lead, Mars Incorporated; Andy Barratt, P2PE, PA-DSS, SSF, 3DS and PCI PIN Vice President, Financial Services / B2B, Coalfire; Coralie Chevallier, PCI QSA, Practice Leader, Oaklen Consulting and Peggy Nolan, PCIP, CISA, CEO, Payment Card Assessments

An interactive panel discussion where we talk through the benefits of having ISA(s) on your team, and how speaking the same language as your QSA facilitates more efficient and effective assessment, reduces friction, cost and time, and strengthens the relationship between the organization and assessor.

12:25 - 12:30

Closing Remarks

Presented by: Jeremy King, Regional VP, EMEA, PCI Security Standards Council

12:30 - 15:30

Assessor Lunch and Session (QSAs, ISAs, ASVs, PFIs, QPAs, CPSAs only)

Presented by: John Bloomfield, Manager, Data Security Standards, PCI Security Standards Council; Matt O’Connor, Director, AQM, PCI Security Standards Council; Travis Powell, Director, Training Programs, PCI Security Standards Council and Elizabeth Terry, Senior Manager, Community Engagement, PCI Security Standards Council

As an active assessor in the PCI SSC programs, join us for a special session to hear industry best practices, recent case studies, Council updates, live Q&A and networking opportunities with your peers.

Payment Vendor Lunch and Session (PCI CPoC, MPoC and SPoC Product Vendors, P2PE and SSF Vendors only)

Presented by: Leon Fell, Director, Device Standards, PCI Security Standards Council; Andrew Jamieson, VP, Solutions, PCI Security Standards Council and Jake Marcinko, Senior Manager, Solution Standards, PCI Security Standards Council

Join your peers for an informational session including Q&A with the PCI SSC team to discuss what’s new for vendors and labs for PCI PTS, P2PE, Mobile, and Software Security.