Join us for three days of learning, discovery, updates from the Council, regional community speakers, merchants, industry experts, and more.

All session times are in Indochina Time.

Agenda times are subject to change.

All presentations will be available in the General Session. On-Demand content will be released immediately following the Community Experience each day. Attendees can access sessions by navigating to the “Filter By” drop-down menu and searching by content type.

Wednesday, 4 November

Morning Main Sessions will start at 11:00 ICT

11:00 - 11:05

Opening Remarks and Overview

Presented by: Karen Koh, Broadcast Journalist, Presenter and Producer

11:05 - 11:30

Community Meeting Kick-off

Presented by: Lance J. Johnson, Executive Director, PCI Security Standards Council

11:30 - 12:00

PCI DSS v4.0 – Part 1: Evolving Through the Power of Feedback

Presented by: Lauren Holloway, Director, Data Security Standards, PCI Security Standards Council and Emma Sutcliffe, SVP, Standards Officer, PCI Security Standards Council

Join PCI Council leaders to hear the latest on PCI DSS v4.0, including key insights into how feedback from the last RFC has helped shape and evolve the draft for the upcoming RFC.

12:00 - 12:10

Wellness Break - Take a moment to get up from your computer, refill your water, stretch your legs, do what you need to do to recharge.

12:00 - 13:00

Vendor Showcase

Visit and chat with our vendors, sponsors, and exhibitors.

Brand and PCI SSC Offices

Representatives will be available to meet with you and answer questions.*
*Brand and PCI SSC Office hours may vary. Please check individual Offices for schedules.

13:00 - 13:30

Community Experience - Located in the Community Café

Cooking & Cocktails

Get your ingredients ready and attend a cooking demonstration where you will make Vietnamese Caramelized Fish Hot Pot (“Cá Kho Tộ”), or follow along to create three delicious cocktails: a Singapore Sling, a Lychee Martini and a Jungle Bird. Sessions are pre-recorded.

On-Demand Sessions - Will be released on the platform immediately following the Café Experience.

Content Disclaimer: The views and opinions expressed in external presentations are those of the external presenters and do not necessarily reflect the official standards or position of the PCI Security Standards Council.

A Regional Perspective On Payment Security

Presented by: Nitin Bhatnagar, Associate Director – India, PCI Security Standards Council; Carlos Caetano, Associate Director, LA Region for Brazil, PCI Security Standards Council; Ryoji Ihara, Associate Director, Japan, PCI Security Standards Council and Jeremy King, Vice President, Regional Head for Europe, PCI Security Standards Council

Cybercrime Landscape in Times of Disruption

Presented by: Angel Grant, CISSP, Director, Digital Risk Solutions, RSA

Cybercriminals will always use disruption to cause disruption, and the current pandemic is causing the biggest disruption our world has experienced in a long time. Even the most prepared organizations have been impacted by the surge in cybercrime and the scale and scope of change is driving a major re-thinking of cyber security, risk and resiliency to be better prepared for future disruptions. This session will arm you with how to disrupt the disruptors during a time of disruption.

Guidance to Maintain Compliance During a Pandemic

Presented by: Brian Odian, CISM, CRISC, QSA, PMP, CDPSE, ISO27001, Director – Global Compliance and Risk Services – Asia Pacific, SecureTrust

Prior to the COVID-19 pandemic, there was a worldwide push towards compliance mandates by the use of legislative instruments. Now, more than ever, with many organisations struggling to stay afloat, it is imperative that a strong compliance program be in place. The impact of ignoring a compliance program and treating it like a point-in-time task can be significant. In comparison to those impacts, the cost of a regular maintenance program will likely seem insignificant.

How a New PCI DSS is Required in This New World

Presented by: Allen Baranov, QSA, Senior Security Consultant, Sense of Security

With the massive adoption of Cloud and new processes and methodologies such as LEAN, Agile and DevOps, PCI is working hard to keep up. The new PCI DSS v4 will be an essential tool going forward. Learn about my experiences as a QSA working with organisations to become compliant to the PCI DSS Standard v3.2.1, where the pain points are and how a new way of thinking is required going forward into the future. I will cover what I believe specifically QSAs need to do to be successful with PCI DSS v4.

Industry Trends - ATM Cash-Out

Panelists: Pratik Mehta, Business Lead - APAC, Crossbow Labs LLP and Nivedita Sharma, Business Associate, Crossbow Labs LLP

This session drives home the point that security itself is a functional aspect for any device or technology and that there is no conflict between security and functionality. Technology and security have to be hand in glove and security cannot be a postfix.

Inherit and Build PCI DSS Compliance in Cloud

Presented by: Swati Sharma, FSI Compliance Specialist, Amazon Internet Service Provider Limited

Customers are leveraging cloud for their business advantages; they can inherit cloud compliance and build PCI DSS controls for their environment.

PA-DSS/SSF Transition

Presented by: Tracey Harrington, CSCIP/P, Certification Programs Manager, PCI Security Standards Council and Jake Marcinko, Senior Manager, Emerging Standards, PCI Security Standards Council

In this session, Jake Marcinko, PCI SSC Sr. Manager, Emerging Standards, will share how PA-DSS compares to its successor, the Secure Software Framework, and Tracey Harrington, Manager, Certification Programs, will provide information on timelines and suggestions on how to prepare your organization to make the transition.

PTS POI Device Testing Version 6

Presented by: Tim Cormier, Senior Manager, Device Standards, PCI Security Standards Council

Watch this session for a quick look at how terminals are tested to receive PCI PTS approval.

Thursday, 5 November

Morning Main Sessions will start at 11:00 ICT

11:00 - 11:05

Opening Remarks

Presented by: Karen Koh, Broadcast Journalist, Presenter and Producer

11:05 - 11:30

Global Learning and Local Leading - Why your Participation is Critical to Payment Security Everywhere

Presented by: Troy Leach, Senior Vice President, Engagement Officer, PCI Security Standards Council

11:30 - 11:40

Wellness Break - Take a moment to get up from your computer, refill your water, stretch your legs, do what you need to do to recharge.

11:40 - 12:05

PCI DSS v4.0 – Part 2: New Customized Approach and Risk Analysis

Presented by: Marc Bayerkohler, Standards Trainer, PCI Security Standards Council

This second PCI DSS v4.0 session delves into the new customized approach and the essential role of risk analysis.

12:05 - 12:50

Keynote: How Real is the Cyber Threat In Asia and Globally?

Presented by: Bill Majcher, Co-Founder, EMIDR Limited

Join this keynote session to hear insight on how security is a motherhood issue and as a result security empires are built within organizations, whether they should be or not.

12:50 - 13:00

Wellness Break - Take a moment to get up from your computer, refill your water, stretch your legs, do what you need to do to recharge.

13:00 - 14:00

Vendor Showcase

Visit and chat with our vendors, sponsors, and exhibitors.

Brand and PCI SSC Offices

Representatives will be available to meet with you and answer questions.*
*Brand and PCI SSC Office hours may vary. Please check individual Offices for schedules.

14:00 - 14:30

Community Experience - Located in the Community Café

Magic and Mindreading

Prepare to be entertained by a digital illusionist with a highly interactive virtual magic and mentalist show like no other. Be sure to arrive early, as space is limited and available on a first-come, first-served basis.

Alan Hudson has been seen on Britain’s Got Talent, The Next Great Magician, and Penn and Teller’s Fool Us. With 20+ years of professional magical experience, Alan Hudson is highly regarded as one of the UK’s most amazing close-up and funniest stage magicians.

Sponsored by BroadBand Security, Inc.

On-Demand Sessions - Will be released on the platform immediately following the Café Experience.

Better Risk Assessments: Reframe Your Focus to Prioritize Efforts and Prevent Data Breaches

Presented by: Jen Stone, Principal Security Analyst, SecurityMetrics

With a few tweaks to mindset and approach, your risk assessment can go from what often seems like necessary “red tape” to the driving and organizing force behind your security and compliance programs. Jen Stone, Principal Security Analyst at SecurityMetrics, will give background of the purpose of risk assessments, outline the basic roadmap of activities, and highlight areas where risk assessments can go off course. Case study stories will bring real-life setbacks and successes to the forefront.

Experience on Remote Assessment During the COVID-19 Outbreak

Presented by: Yan Liu, Principal Consultant, atsec (Beijing) Information Technology Co., Ltd and Krisy Mu, Security Expert, Alipay.com Co., Ltd

Join this session to hear about the most challenging areas for remote assessments and potential solutions. We will share our experience on how to do remote assessments and collaborate with the assessed entities. Lastly, we will make suggestions for future assessment activities (long-term consideration) in order to make the assessment more cost-effective.

Learning from PFI Investigations – 2020

Presented by: Gill Woodcock, Vice President, Global Head of Programs, PCI Security Standards Council

We will be sharing an update on what we’ve learned from investigations completed by PCI Forensic Investigators (PFIs) and look at what has changed in the last 12 months. We’ll look at what trends are showing, give an insight into what PFIs are reporting on factors which cause and contribute to cardholder data breaches and how companies can benefit from this knowledge.

Online Digital Skimming

Presented by: John Bloomfield, Standards Development Manager, Data Security Standards, PCI Security Standards Council and Carlos P. Kizzee, EVP Intelligence Operations and Legal Affairs, Retail and Hospitality ISAC

Tracking Work from Home Threats - Risk Assessment Based Approach

Presented by: Prajwal Ramakrishne, Senior Consultant, SISA

In this session we will address various risk scenarios and case studies with respect to different business verticals (banks, BPOs and fintech companies) and how they have implemented controls for work-from-home setups to address the challenges. We will discuss how companies are moving towards hosting infrastructure in the cloud and the do’s and don’ts from a security standpoint. With PCI DSS v4.0 coming and more emphasis being placed on risk assessment, we will address the risks and the controls with respect to PCI compliance.

Update on POI v6

Presented by: Leon Fell, CPA, CIA, CMA, CISA, CITP, Director of Solutions Standards, PCI Security Standards Council and Lars Hanke, Senior Consultant, Deutsche Telekom Security GmbH

Overview of the updates for the newly published POI v6 Security Requirements, including details on the new Domain-Based Asset Flow Analysis.

Updates on PCI SSC Mobile Security Standards

Presented by: John Markh, Senior Manager, Emerging Standards, PCI Security Standards Council

Join this session to hear about timelines, key principles, and high-level architecture of the security standards for mobile payment acceptance channels (SPoC and CPoC). Learn what to expect in future Contactless on COTS with PIN and the security advancement in the COTS devices.

When the Walls Begin to Crumble - Insights from the Trenches

Presented by: Ashish Thapar, Managing Principal - APJ Region, Verizon

This session brings together insights from Verizon's Data Breach Investigation Report and Payment Security Report and, very importantly, case studies of two recent Asia Pacific based investigations involving breaches of cardholder data. The session will highlight how breaches happen, what the common trends are, and what effective, pragmatic countermeasures could be.

Friday, 6 November

Morning Main Sessions will start at 11:00 ICT

11:00 - 11:05

Opening Remarks

Presented by: Karen Koh, Broadcast Journalist, Presenter and Producer

11:05 - 11:25

PCI DSS v4.0 – Part 3: Evolving Nature of Authentication Practices

Presented by: Joel Weisz, Emerging Standards Manager, PCI Security Standards Council

Part three of the PCI DSS series explores how evolving authentication practices have influenced the next draft of PCI DSS v4.0.

11:25 - 12:05

Keynote: Preparedness, Crisis Management, and Communications

Presented by: John Volanthen, World Record-Holding British Cave Diver

12:05 - 12:15

Wellness Break - Take a moment to get up from your computer, refill your water, stretch your legs, do what you need to do to recharge.

12:15 - 12:35

PCI DSS v4.0 – Part 4: Third-Party Relationships and Cloud Services

Presented by: John Bloomfield, Standards Development Manager, Data Security Standards, PCI Security Standards Council and Lauren Holloway, Director, Data Security Standards, PCI Security Standards Council

Our final PCI DSS v4.0 presentation centres on third-party service providers and customer relationships, including a focus on cloud and multi-tenant providers.

12:35 - 12:40

Looking Towards The Future

Presented by: Lance J. Johnson, Executive Director, PCI Security Standards Council

12:40 - 13:00

Wellness Break - Take a moment to get up from your computer, refill your water, stretch your legs, do what you need to do to recharge.

13:00 - 14:00

Vendor Showcase

Visit and chat with our vendors, sponsors, and exhibitors.

Brand and PCI SSC Offices

Representatives will be available to meet with you and answer questions.*
*Brand and PCI SSC Office hours may vary. Please check individual Offices for schedules.

14:00 - 14:30

Community Experience - Located in the Community Café

Yoga

Stretch both the mind and body with some relaxing and mindful yoga. Session is pre-recorded.

On-Demand Sessions - Will be released on the platform immediately following the Café Experience.

Cryptographic Requirements in the PCI Family, and Mapping into National Schemes

Presented by: Di Li, Principal Consultant, atsec (Beijing) Information Security Co., Ltd

This session collects the cryptography-related techniques and requirements used in the PCI (Payment Card Industry) family of standards, explains the requirements and the related test procedures, and maps them to industry standards and national schemes, such as those of the US (FIPS 140-2/3 and Special Publications) and China (SCA: State Cryptography Administration).

Cryptography Evolves

Presented by: Ralph Poore, Director, Emerging Standards, PCI Security Standards Council

How is the evolution of cryptography forcing our standards to evolve? This session addresses the why and how that support the sunrise dates (the what), with a focus on changes in PIN standards, and provides an overview of the project steps involved in meeting these dates.

Getting the Most From Your Membership

Presented by: Jeremy King, Vice President, Regional Head for Europe, PCI Security Standards Council

As a Participating Organization you have access to a wide range of benefits that come with your membership. This presentation will run through what those benefits are and how as a PO you can make the most from them to maximize your membership and involvement with the PCI SSC to help reduce card payment fraud.

Leveraging Compliance Automation to Help Accelerate Our Business

Presented by: Gagandeep Singh Chaudhry, Manager, Adobe India

As Adobe and its products, services and platforms grow and expand with great velocity, we require CCF to accelerate along with it as its next level of organic maturity. We are now developing and implementing a controls automation platform which is scalable and will make it easier for teams to onboard controls as well as help eliminate the compliance fatigue imposed on the ops and engineering teams, and still reduce overall security risk by continuous monitoring of controls.

P2PE - So Much More than an Acronym

Presented by: Matt O’Connor, AQM Manager, PCI Security Standards Council and Mike Thompson, Senior Manager, Emerging Standards, PCI Security Standards Council

Mike Thompson and Matt O'Connor delve into the PCI SSC's Point-to-Point Encryption (P2PE) Standard and accompanying Program, providing insight as well as highlights to the payments industry. Please join us while we peer into the many facets and peel back the layers of P2PE.

QA @ PCI: How the Council Ensures Integrity in its Programs

Presented by: Nikki Billman, AQM Manager, Operations, PCI Security Standards Council and Brandy Cumberland, Director of Assessor Quality Management (AQM) Programs, PCI Security Standards Council

With an ever-expanding portfolio of programs, how does PCI SSC maintain the integrity of its Programs? Members of the Assessor Quality Management (AQM) Programs team will provide an overview of PCI SSC Programs and discuss the different approaches to PCI Program integrity.

The Future of Cybersecurity from Hackers Perspective: Hunt for the Attacks Before the Hackers Do!

Presented by: Pak Ho Chan, TVM/PCI Practice Manager / Principal Consultant, THALES and Nicole Wong, Principal Consultant, THALES

Secure your business in the age of digital transformation through the eyes of hackers. With reference to our presentation topic in the 2019 PCI Community Meeting in Europe and APAC, “The Future of Cybersecurity from Hackers Perspective: Building a Forensically Sound Environment Using PCI DSS”, we will take a closer look at Threat Hunting this year and highlight its importance in 21st-century business. We will give the audience an overview of how Threat Hunting can detect and isolate advanced threats that evade existing security controls in their environment. Additionally, this talk will illustrate how PCI DSS can be used to build a strong foundation for Threat Hunting, which eventually reduces the dwell time of ever-evolving cyber-attacks.

Trends and Evolution of Mobile Payments

Presented by: Berny Goodheart, Device Standards Manager, PCI Security Standards Council

In this presentation we'll discuss some of the advancements and trends in security for mobile authentication. We'll discuss biometrics, the Trusted Execution Environment, and Operating System extensions that are used to steer our industry towards secure mobile payments.