Join us for two days of discovery, strategies and insights from regional community leaders and merchants – as well as updates from members of the Council.

Wednesday, 17 May
7:30 - 18:30 Registration Open
7:30 – 9:00 Networking Breakfast and Vendor Showcase
9:00 - 9:15Welcome Remarks
Presented by: Jeremy King, International Director, PCI Security Standards Council
9:15 - 10:00

PCI's Strategic Initiatives for 2017
Presented by: Stephen W. Orfei, General Manager, PCI Security Standards Council
10:00 – 10:30
Continuing the Conversation with PCI's Executive Team - A Panel Discussion
Presented by: PCI Security Standards Council
Moderated by: Laura Gray, Director of Communications, PCI Security Standards Council
10:30 – 11:00Networking Break and Vendor ShowcaseSponsored by:
11:00 - 11:45Security Roadmap for Next Generation of Payments
Digital payments are evolving rapidly which requires anticipating how cybersecurity attacks will change and how we should expect to protect against them. This session will discuss emerging security trends for 2017 and how new initiatives by the PCI Council plan to address these threats.

Presented by: Troy Leach, Chief Technology Officer, PCI Security Standards Council
11:45 - 12:10PCI DSS and the Cloud
Perhaps the largest point of confusion with respect to the Payment Card Industry Data Security Standard (PCI DSS) and cloud computing is the question of upon whose shoulders does compliance fall?

When a cloud service provider says it’s been validated as PCI DSS compliant, what does that mean for the enterprise customer? According to security experts, organizations shouldn’t expect a PCI DSS-validated cloud provider to relieve them of their PCI DSS obligations. To be PCI DSS-compliant, tenants still have PCI DSS obligations.

Presented by: Narendra Sahoo, Director, VISTA InfoSec
12:10 - 12:30Information Security Trends from Our SOC and Knowledge Base
NRI SecureTechnologies has been conducting information security surveys of Japanese enterprises for 14 years. We have also expanded the survey to enterprises in the USA and Singapore. We can provide current risks and security measures based not only on the survey but also on our services such as security assessment or security operations center.

Presented by: Eiji Fukushima, Division Head of IT Security Consulting & Solutions, NRI SecureTechnologies, Ltd.
12:30 – 13:30 Networking Lunch and Vendor Showcase
13:30 - 14:00Global Payment Security Trends with a local APAC Perspective
In this session, Foregenix will share their global experience as it relates to regional trends in Asia Pacific.

Foregenix will provide real-world insights on drivers for PCI, practical strategies for reducing risk and thought provoking predictions on trends for remainder of the year.

The session will impart information to assist in ensuring safer payments for banks, service providers as well as merchants.

Presented by: Andrew Henwood, CEO, Foregenix South Africa
14:00 - 14:20Migrating from SSL and Early TLS -- Real-time Challenges, Issues and How To Overcome Them as a Merchant & Service Provider
This is a case study for migrating from SSL and early TLS in a large organisation. Challenges were cost, technology, user experience and dependencies on third parties. The solution was segregating by environment and risk and addressing in steps.

This session identifies the requirements and challenges for migrating from SSL and early TLS for a merchant and service-provider environment, including an impact assessment to identify areas of concern. The method used was segregating in different categories based on risk exposure, challenges and ease of implementation to prioritize the migration activities. Planning and a phased approach were used to address challenges and various levels, such as business, technology and contracts. The approach also included monitoring progress and dealing with any evolving constraints, and addressing residual risk on a timely basis.

Presented by: Swati Sharma, Senior Specialist Security/PCI QSA, BT Plc.
14:20 - 15:00A Standards Update for Payment Technologies
A current look at the work being done at the PCI Council in the areas of PIN Transaction Security, Point-to-Point Encryption, and Mobile.

Presented by: Mike Thompson, Standards Manager, PCI Security Standards Council
15:00 – 15:30 Networking Break and Vendor ShowcaseSponsored by:
15:30 - 16:10Protecting the Online Channel
E-commerce continues to be a priority for the PCI Council as criminals have increased their targeted attacks against online merchants. This session will provide insights into emerging threats in the e-commerce space and PCI Council efforts to help protect payments in the online channel, including recently published e-commerce security best practices and development of security standards to support 3D Secure (3DS).

Presented by: Troy Leach, Chief Technology Officer, PCI Security Standards Council
16:10 - 16:40PCI DSS Learnings from a Hyper-growth Environment
This talk will present lessons from implementation and ongoing compliance for a highly dynamic environment distributed globally. The talk will also cover achieving efficiency in PCI DSS implementation.

The PCI DSS framework has evolved over time to secure certain types of credit card-related systems and environments. However, many of these environments may not change significantly within one year of the audit period. This talk will present challenges faced due to moving parts and payment solutions being added worldwide. The talk will also cover guidelines on how to be proactively on top of credit card data security so that PCI DSS compliance is consistently maintained.

Presented by: Shreyas Kumar, Senior Security Strategist, Uber Technologies Inc.
16:40 - 17:00QSA Is Not Your Enemy: How Working with a Great QSA Can Help Strengthen Your PCI DSS Compliance Program into "Business as Usual"
With the publication of PCI DSS v3.2, the Council shows great emphasis on integrating compliance into business as usual. This talk will cover how a great QSA can help prepare the company for making compliance part of business as usual. This session will cover: Why the QSA is not your greatest enemy, QSA vs. Great QSA, PCI SSC emphasis in the business-as-usual process, how business-as-usual integration reduces efforts spent in annual PCI DSS compliance validation and ongoing compliance planning.

Presented by: Thanut Pimhataivoot, Team Leader, IT Compliance & Audit, NTT Data (Thailand) Co., Ltd.
17:00 – 18:30 Networking Reception and Vendor Showcase

Thursday, 18 May
7:30 - 12:15Registration Open
7:30 – 9:00 Networking Breakfast and Vendor Showcase
9:00 - 9:15

Welcome Remarks
Presented by: Jeremy King, International Director, PCI Security Standards Council

9:15 - 10:15Security Awareness, Policies, Practices and Challenges
Security awareness is the first step to implementing an information security program. This session will provide a discussion of security awareness with emphasis on policies, best practices, and challenges. A number of case studies in Thailand will be presented.

Presented by: Chalee Vorakulpipat, CISSP, CISA, PMP, National Electronics and Computer Technology Center (NECTEC), Thailand
10:15 - 10:45 Networking Break and Vendor Showcase
10:45 - 11:15EMV® Payment Tokenisation
Delegates will receive an update on EMVCo’s work to collaborate with the payments industry on the EMV®* payment tokenisation specifications that facilitate consistent, secure and interoperable digital payments when using a mobile handset, tablet, personal computer or other smart device. This includes an:
· Insight into the focus of EMVCo’s payment tokenisation activity, including the latest advancements of the EMV Payment Tokenisation Specification – Technical Framework.
· Details of the new actors playing a key role in this new ecosystem: token requestors, token service providers and BIN controllers.
· Introduction to EMV Payment Account Reference (PAR) and its role in securing payments.
· Update on what’s next for the Payment Tokenisation Working Group at EMVCo.
*EMV® is a registered trademark in the U.S. and other countries and an unregistered trademark elsewhere. The EMV trademark is owned by EMVCo.

Presented by: Lib de Veyra, Vice President of Emerging Technologies for JCB International

11:15 - 11:35Mobile Payments: Challenges & Actions
The session discusses the challenges of mobile payments and the threats involved, with some recommendations. The presentation is based on analysis done using the National Standard for Mobile Payment (CBE Standard), along with PCI SSC guidelines and a risk analysis of mobile payments from some of my customers.

Presented by: Ahmed Selim, Professional Service Manager, Security Meter
11:35 - 12:05Bringing it All Together - Regional Insights a Panel Discussion
Join this session for a panel discussion moderated by a member of PCI Security Standards Council’s Executive Committee. Panelists will discuss regional issues and areas of focus. Don’t miss this session that is sure to bring together the day’s topics.

Presented by: Mike Matan, Vice President, Network Industry Engagement, Product and Marketing, American Express and PCI SSC Executive Committee Chairperson
12:05 - 12:35Making a Global Impact with PCI SSC: How You Can Get Involved and Resource Overview
Presented by Jeremy King, International Director, PCI Security Standards Council and Mark Meissner, VP Public Relations, PCI Security Standards Council
12:35 - 13:00Q&A with Executive Team and Closing Remarks

Pin It on Pinterest