Join us for two days of connecting, discovery, updates from the Council, regional community speakers, merchants, industry experts, and more.


Schedule subject to change – Continue to check back for updates and session details

 

Registration Now Open

Wednesday, 15 November

09:00 - 17:00

Registration Open

09:00 - 09:20

Community Meeting Kick-off

Presented by: Lance J. Johnson, Executive Director, PCI Security Standards Council

09:20 - 09:50

Asia-Pacific Regional Update

Presented by: Yew Kuann Cheng, Regional VP, Asia Pacific, PCI Security Standards Council

09:50 - 10:20

PCI SSC - Where We Are Going & How We Are Getting There?

Presented by: Andrew Jamieson, VP, Solutions, PCI Security Standards Council and Emma Sutcliffe, SVP, Standards, PCI Security Standards Council

PCI SSC is more than Mobile and DSS. Join this session to see what direction the Council is going in all the areas of the ecosystem that the standards are involved in.

10:20 - 10:50

Networking Break and Vendor Showcase

10:50 - 11:20

Securing Data and Achieving Compliance: Exploring Assessment Practices in PCI DSS v4.0 and Cloud Security Alliance's Cloud Data Security Practices

Presented by: Jorge Higueros, President, Cloud Security Alliance Centro America

This speech focuses on two key topics: Assessment Practices in PCI DSS version 4 and Cloud Data Security Practices in collaboration with the Cloud Security Alliance (CSA). The first part emphasizes the importance of Assessment Practices in maintaining a secure environment for cardholder data and meeting the requirements of PCI DSS version 4. It highlights activities such as vulnerability scanning, penetration testing, and self-assessment questionnaires (SAQs). The speech discusses how these practices aid in identifying vulnerabilities, evaluating risk, and implementing necessary security measures. It also highlights the updates introduced in PCI DSS version 4, including a stronger emphasis on risk management and the need for continuous management.

11:20 - 11:50

E-commerce Threat Trends and PCI v4.0

Presented by: Sylvia Choa, Principal Consultant, Foregenix and Raymond Simpson, M.D. APAC, Foregenix

Ray will start the presentation by sharing e-commerce threat and breach trends that we have been monitoring for close to a decade. We will focus on a case study and investigate what the core challenges and issues are that have been identified. With this backdrop, Sylvia will tie in PCI DSS v4.0 and how this new version will more effectively address the risks that we see in the e-commerce space. She will cover specific requirements in PCI DSS v4.0 that will effectively help address the pain points that often lead to breaches.

11:50 - 12:20

Tips to Successfully Work Through Your PCI DSS v4.0 Transition - A Panel Discussion

Moderated by: Emma Sutcliffe, SVP, Standards, PCI Security Standards Council

Panelists: Fong Choong Fook, Founder & Executive Chairman, LGMS Berhad.

12:20 - 13:20

Networking Lunch and Vendor Showcase

13:20 - 13:50

Five Perspectives to Help You Understand the New PCI DSS v4.0 Requirements

Presented by: Toshiro Yanagihara, Product & Promotion Manager (P2PE/3DS), BSI Group Japan K.K.

PCI DSS v4.0 was published in March 2022, and at 360 pages, it has numerous additional requirements, leaving many people struggling to know what they need to do to comply. Therefore, we focused on the 64 new requirements that most clearly showed the characteristics of PCI DSS v4.0, proposed five perspectives to help you understand the new requirements, and have explained them to our customers. The five perspectives consist of “Flexibility,” “Improved Security Maturity,” “Protection of Account Data,” “Response to External Threats/Risks,” and “Response to Internal Risks and Environmental Changes.” Through understanding the five perspectives, it will be possible to understand the characteristics of PCI DSS v4.0 more easily and clearly. The presentation aims to help small businesses build a strong security foundation while prioritizing growing the business.

13:50 - 14:50

PCI DSS v4.0 Update

Presented by: Lauren Holloway, Director, Data Security Standards, PCI Security Standards Council and Tom White, Senior Manager, Content Development, PCI Security Standards Council

14:50 - 15:20

Networking Break and Vendor Showcase

15:20 - 15:40

What is New for the PCI DSS v4.0 SAQs

Presented by: Lauren Holloway, Director, Data Security Standards, PCI Security Standards Council

15:40 - 16:20

PCI SSC Mobile Security and Solutions Standards Update

Presented by: Andrew Jamieson, VP, Solutions, PCI Security Standards Council

16:20 - 16:50

Our “Key” Experience in PIN Security / P2PE / FIPS 140-3

Presented by: Di Li, Principal Consultant, atsec (Beijing) information security Co., Ltd

Regarding key generation, the paper discusses the generation requirements and methods defined in each of the three standards, compares the differences, and provides a rationale for why each standard requires a different approach. The section on key distribution and key establishment explores the different methods of securely transferring a key from one party to another. The paper defines each of these methods and provides common scenarios where they apply. The paper also provides several methods for key destruction, such as physical destruction, and logical cryptographic zeroization.

17:00 - 18:30

Networking Social and Vendor Showcase

Details coming soon

Thursday, 16 November

09:00 - 12:00

Registration Open

09:00 - 09:15

Welcome Remarks

Presented by: Yew Kuann Cheng, Regional VP, Asia Pacific, PCI Security Standards Council

09:15 - 09:35

Compliance is a Program, Not a Project

Presented by: Brian Odian, Director - APAC Managed Compliance Services, VikingCloud

The Sydney Harbour Bridge has around 485,000 square metres of steelwork which needs to be repainted every 5 years to protect it from corrosion. The road surface on the bridge has to be replaced around every 10 years and even the flags on top of the bridge are changed every 4-6 months. Just as you finish one task another one begins, or you have to restart what you just finished. If the maintenance program isn’t managed the results could be catastrophic. Likewise, if we treat compliance programs as individual projects, or one-off tasks, and don’t maintain them, corrosion of our overall security and compliance posture could easily occur. So, what we will consider as part of this presentation is:
  • Why compliance should be viewed as a program.
  • World view on regulatory compliance.
  • Synergies between compliance programs.
  • Developing a mature compliance program.
  • Impediments to success.

09:35 - 10:20

Keynote - Scaling New Heights

Presented by: Khoo Swee Chiow, Adventurer, Inspirational Speaker, Author, Photographer and Adventure Consultant

10:20 - 10:50

Networking Break and Vendor Showcase

10:50 - 11:20

Evolution of Payment Landscape In Asia and Its Implication Globally

Presented by: Dharshan Shanthamurthy, Founder & CEO, SISA

The rapid evolution of technology and consumer behavior has given rise to innovations in the Asian payments industry. Fintech startups are disrupting the traditional banking landscape in Asia, providing innovative solutions for payments, lending, and financial management. As this landscape expands to include cross-border payments, it is expected to raise questions about security, privacy, and regulatory oversight. This session will discuss this rapidly transforming landscape including a focus on regulations, emerging cybersecurity threats, and best practices that are critical to securing payments.

11:20 - 11:40

Breach Trends and Lessons Learned

Presented by: PCI Security Standards Council

11:40 - 12:00

PCI Security Program Design - Bridging Theory and Practice

Presented by: Ciske van Oosten, Head of Global Business Intelligence, MCI Communications, Inc. dba Verizon Business Services

Presenting insights on best practice methods to design, manage and improve a best-in-class PCI Security program. This is based on twenty years of practical experience on the design and implementation of PCI Security programs. The session includes critically important insights - needed to also meet PCI DSS v4.0 requirements, such as: a.) How to establish a sensible program goal b.) How to identify the most important constraints, limiting program performance and improvement c.) How to overcome constraints d.) Avoiding common project management pitfalls associated with PCI Security programs.

12:00 - 12:40

Challenges, Culture and Compliance in Middle East Assessments - Take the Three C’s and Turn It Into an A+ Assessment Practices

Presented by: MHD Othman Al-Akkad, Vice President of Technology, Al Ejabi Auditing, Reviewing & Testing Cyber Risks Co. (Ejabi InfoSec) and Towfek Zouheir, CEO, Al Ejabi Auditing, Reviewing & Testing Cyber Risks Co. (Ejabi InfoSec)

Assessments find shortcomings in their people, process, and technology. Challenges arise from the start; compound them with the culture in the Middle East of safeguarding info, and multiply all of these with their own internal and central bank compliances. You have your hands full. Take these three C’s (Challenges, Culture & Compliance) and convert them to an A+ assessment practice. The real-life case study presented will give you the direction to build operational efficiencies and manage the PCI DSS audit.

12:40 - 13:10

Making the Payments Industry Stronger – A Panel Discussion

Moderated by: Mark Meissner, SVP, Education & Engagement, PCI Security Standards Council

Panelists: TBA

13:10 - 13:15

Closing Remarks

Presented by: Yew Kuann Cheng, Regional VP, Asia Pacific, PCI Security Standards Council