Two days of networking and one-of-a-kind partnership opportunities await you. Whether you want to learn more about updates in the payment card industry or showcase a new product, you’ll find it all at the 2017 Community Meeting.
Join us for two days of discovery, updates and insights from members of the Council and regional community figures and merchants.
Wednesday, 17 May | ||
---|---|---|
7:30 - 18:30 | Registration Open | |
7:30 – 9:00 | Networking Breakfast and Vendor Showcase | |
9:00 - 9:15 | Welcome Remarks Presented by: Jeremy King, International Director, PCI Security Standards Council | |
9:15 - 10:00 | PCI's Strategic Initiatives for 2017 Presented by: Stephen W. Orfei, General Manager, PCI Security Standards Council | |
10:00 – 10:30 | Continuing the Conversation with PCI's Executive Team - A Panel Discussion Presented by: PCI Security Standards Council Moderated by: Laura Gray, Director of Communications, PCI Security Standards Council | |
10:30 – 11:00 | Networking Break and Vendor Showcase | |
11:00 - 11:45 | Security Roadmap for Next Generation of Payments Digital payments are evolving rapidly which requires anticipating how cybersecurity attacks will change and how we should expect to protect against them. This session will discuss emerging security trends for 2017 and how new initiatives by the PCI Council plan to address these threats. Presented by: Troy Leach, Chief Technology Officer, PCI Security Standards Council | |
11:45 - 12:10 | PCI DSS and the Cloud Perhaps the largest point of confusion with respect to the Payment Card Industry Data Security Standard (PCI DSS) and cloud computing is the question of on whose shoulders compliance falls. When a cloud service provider says it’s been validated as PCI DSS compliant, what does that mean for the enterprise customer? According to security experts, organizations shouldn’t expect a PCI DSS-validated cloud provider to relieve them of their PCI DSS obligations. To be PCI DSS-compliant, tenants still have PCI DSS obligations. Presented by: Narendra Sahoo, Director, VISTA InfoSec | |
12:10 - 12:30 | Information Security Trends from Our SOC and Knowledge Base NRI SecureTechnologies has been conducting information security surveys of Japanese enterprises for 14 years. We have also expanded the survey to enterprises in the USA and Singapore. We can provide current risks and security measures based not only on the survey but also on our services such as security assessment or security operations center. Presented by: Eiji Fukushima, Division Head of IT Security Consulting & Solutions, NRI SecureTechnologies, Ltd. | |
12:30 – 13:30 | Networking Lunch and Vendor Showcase | |
13:30 - 14:00 | Global Payment Security Trends with a local APAC Perspective In this session, Foregenix will share their global experience as it relates to regional trends in Asia Pacific. Foregenix will provide real-world insights on drivers for PCI, practical strategies for reducing risk and thought-provoking predictions on trends for the remainder of the year. The session will impart information to assist in ensuring safer payments for banks, service providers as well as merchants. Presented by: Andrew Henwood, CEO, Foregenix South Africa | |
14:00 - 14:20 | Migrating from SSL and Early TLS -- Real-time Challenges, Issues and How To Overcome Them as a Merchant & Service Provider This is a case study for migrating from SSL and early TLS in a large organisation. Challenges were cost, technology, user experience and dependencies on third parties. The solution was segregating by environment and risk and addressing in steps. This session identifies the requirements and challenges for migrating from SSL and early TLS for a merchant and service-provider environment, including an impact assessment to identify areas of concern. The method used was segregating in different categories based on risk exposure, challenges and ease of implementation to prioritize the migration activities. Planning and a phased approach were used to address challenges at various levels, such as business, technology and contracts. The approach also included monitoring progress and dealing with any evolving constraints, and addressing residual risk on a timely basis. Presented by: Swati Sharma, Senior Specialist Security/PCI QSA, BT Plc. | |
14:20 - 15:00 | A Standards Update for Payment Technologies A current look at the work being done at the PCI Council in the areas of PIN Transaction Security, Point-to-Point Encryption, and Mobile. Presented by: Mike Thompson, Standards Manager, PCI Security Standards Council | |
15:00 – 15:30 | Networking Break and Vendor Showcase | |
15:30 - 16:10 | Protecting the Online Channel E-commerce continues to be a priority for the PCI Council as criminals have increased their targeted attacks against online merchants. This session will provide insights into emerging threats in the e-commerce space and PCI Council efforts to help protect payments in the online channel, including recently published e-commerce security best practices and development of security standards to support 3D Secure (3DS). Presented by: Troy Leach, Chief Technology Officer, PCI Security Standards Council | |
16:10 - 16:40 | PCI DSS Learnings from a Hyper-growth Environment This talk will present lessons from implementation and ongoing compliance for a highly dynamic environment distributed globally. The talk will also cover achieving efficiency in PCI DSS implementation. The PCI DSS framework has evolved over time to secure certain types of credit card-related systems and environments. However, many of these environments may not change significantly within one year of the audit period. This talk will present challenges faced due to moving parts and payment solutions being added worldwide. The talk will also cover guidelines on how to be proactively on top of credit card data security so that PCI DSS compliance is consistently maintained. Presented by: Shreyas Kumar, Senior Security Strategist, Uber Technologies Inc. | |
16:40 - 17:00 | QSA Is Not Your Enemy: How Working with a Great QSA Can Help Strengthen Your PCI DSS Compliance Program into "Business as Usual" With the publication of PCI DSS v3.2, the Council shows great emphasis on integrating compliance into business as usual. This talk will cover how a great QSA can help prepare the company for making compliance part of business as usual. This session will cover: Why the QSA is not your greatest enemy, QSA vs. Great QSA, PCI SSC emphasis in the business-as-usual process, how business-as-usual integration reduces efforts spent in annual PCI DSS compliance validation and ongoing compliance planning. Presented by: Thanut Pimhataivoot, Team Leader, IT Compliance & Audit, NTT Data (Thailand) Co., Ltd. | |
17:00 – 18:30 | Networking Reception and Vendor Showcase |
Thursday, 18 May | ||
---|---|---|
7:30 - 12:15 | Registration Open | |
7:30 – 9:00 | Networking Breakfast and Vendor Showcase | |
9:00 - 9:15 | Welcome Remarks | |
9:15 - 10:15 | Security Awareness, Policies, Practices and Challenges Security awareness is the first step to implementing an information security program. This session will provide a discussion of security awareness with emphasis on policies, best practices, and challenges. A number of case studies in Thailand will be presented. Presented by: Chalee Vorakulpipat, CISSP, CISA, PMP, National Electronics and Computer Technology Center (NECTEC), Thailand | |
10:15 - 10:45 | Networking Break and Vendor Showcase | |
10:45 - 11:15 | EMV® Payment Tokenisation Delegates will receive an update on EMVCo’s work to collaborate with the payments industry on the EMV®* payment tokenisation specifications that facilitate consistent, secure and interoperable digital payments when using a mobile handset, tablet, personal computer or other smart device. This includes: insight into the focus of EMVCo’s payment tokenisation activity, including the latest advancements of the EMV Payment Tokenisation Specification – Technical Framework; details of the new actors playing a key role in this new ecosystem (token requestors, token service providers and BIN controllers); an introduction to EMV Payment Account Reference (PAR) and its role in securing payments; and an update on what’s next for the Payment Tokenisation Working Group at EMVCo. *EMV® is a registered trademark in the U.S. and other countries and an unregistered trademark elsewhere. The EMV trademark is owned by EMVCo. Presented by: Lib de Veyra, Vice President of Emerging Technologies for JCB International | |
11:15 - 11:35 | Mobile Payments: Challenges & Actions The session discusses the challenges of mobile payments and the threats involved, with some recommendations. The presentation is based on analysis done using the National Standard for Mobile Payment (CBE Standard), along with PCI SSC guidelines and a risk analysis of mobile payments from some of my customers. Presented by: Ahmed Selim, Professional Service Manager, Security Meter | |
11:35 - 12:05 | Bringing it All Together - Regional Insights - A Panel Discussion Join this session for a panel discussion moderated by a member of PCI Security Standards Council’s Executive Committee. Panelists will discuss regional issues and areas of focus. Don’t miss this session that is sure to bring together the day’s topics. Presented by: Mike Matan, Vice President, Network Industry Engagement, Product and Marketing, American Express and PCI SSC Executive Committee Chairperson | |
12:05 - 12:35 | Making a Global Impact with PCI SSC: How You Can Get Involved and Resource Overview Presented by Jeremy King, International Director, PCI Security Standards Council and Mark Meissner, VP Public Relations, PCI Security Standards Council | |
12:35 - 13:00 | Q&A with Executive Team and Closing Remarks |
Register today to secure your spot at the 2017 Asia-Pacific Community Meeting.
"Immense information shared!"
"I liked networking and the ability to ask PCI SSC staff questions."
"Listening to PCI Council members talking to you about the major updates and strategies of the council is a truly amazing experience. The opportunity to get in contact with industry peers and professionals on a one-to-one basis is a key takeaway from the meeting."
Employee Education is the Best Defense for Protecting your Organization’s Data Assets.
In conjunction with the Asia-Pacific Community Meeting, two training courses are available, allowing attendees to make the most of their travel time and budgets. The trainings will take place at Intercontinental Bangkok.
Qualified Security Assessor Training | 11-12 May
The two-day Qualified Security Assessor (QSA) class provides instruction on how to conduct assessments of merchants, institutions and service providers who must be compliant with the PCI DSS.
Internal Security Assessor Training | 15-16 May
The two-day Internal Security Assessor (ISA) class provides merchants, acquiring banks, and processors the opportunity to build their internal payment data security expertise, as well as increase their efficiency in complying with PCI Standards.
Get the latest updates on the 2017 Community Meetings by joining our mailing list.