Europe Community Meeting

Location: Barcelona, Spain
Date: 24 – 26 October

Register Now

Join us at the 2017 Europe Community Meeting

Three days of networking and one-of-a-kind partnership opportunities await you. Whether you want to learn more about updates in the payment industry or showcase a new product, you’ll find it all at the 2017 Europe Community Meeting.

AGENDA

Join us for three days of discovery, updates and insights from regional community figures and merchants and members of the Council.

Tuesday, 24 October
10:00 - 18:30 Registration Open
13:00 - 13:20Welcome Remarks
Presented by: Jeremy King, International Director, PCI Security Standards
13:20 - 14:00PCI SSC's Strategic Initiatives
Presented by: PCI Security Standards Senior Team
14:00 - 14:30Insights from PCI SSC Board of Advisors, a Panel Discussion
Moderated by: Karen Czack, Vice President of Industry Engagement and Regulation within the Global Network Business, American Express and PCI SSC Executive Committee Chairperson
Joined by panelists: Pierre Chassigneux, EVP Project & Risk Management Division, Groupement des Cartes Bancaires and Tracey L. Long, Senior Payment Security PCI DSS Compliance Manager, WorldPay
14:30 - 15:15Networking Break and Vendor Showcase
15:15 - 16:00INDUSTRY KEYNOTE: Where Data Breaches Intersect Compliance
Presented by: Christopher Novak, Director, Investigative Response Verizon RISK Team

This session will take the audience on a journey through the Verizon Data Breach Investigations Report
and Payment Security Report in order to learn how data breaches occur, whom they happen to and how
the audience members can avoid being the next victim in the headlines. The audience will learn about the
trends that are being seen around the world as well as how they can build a solid compliance and security
foundation of their own to create a resilient and evolving security posture.


16:00 - 17:00Security Roadmap for Next Generation of Payments
Presented by: Troy Leach, CTO, PCI Security Standards Council

Digital payments are evolving rapidly which requires anticipating how cybersecurity attacks will change and how we should expect to protect against them. This session will discuss emerging security trends for 2018 and how new initiatives by the PCI Council plan to address these threats.

17:00 - 18:45Welcome Reception and Vendor Showcase
Wednesday, 25 October
7:30 - 9:00Networking Breakfast and Vendor Showcase
9:00 - 9:30Welcome Remarks
Presented by: Jeremy King, International Director, PCI Security Standards
9:30 - 10:30Keynote: “The Miracle on the Hudson"
Presented by: Jeff Skiles, Co-Pilot of U.S. Airways Flight 1549

When you’re a pilot and both your engines fail over the largest city in America, you must act quickly and independently, but you must also trust in the system that has trained you and prepared you to handle such crisis moments. Jeff Skiles’ story of the “Miracle on the Hudson” would not have the perfect ending if not for years of training and preparation that allowed the two pilots to understand exactly what the other was doing – thus maximizing their time, communication, and effectiveness. Having only met each other three days earlier, Skiles and Sullenberger were able to work together as a team because they trusted in their system and training and the professionalism of everyone involved, from the air-traffic controllers to their crew. As he takes audiences through the nearly catastrophic events leading up to US Airways Flight 1549’s emergency landing on the Hudson River, Skiles delivers the key lessons and principles that made the flight crew prepared, calm, and confident so they could successfully land the plane. If such lessons can save 155 lives when time is tight and every move must be perfect, imagine what these lessons can do for your organization.
10:30 - 11:00Networking Break and Vendor Showcase
Track One

Sponsored by:

 Technology Track
Sessions will examine technical aspects of payments security standards and implementation. Best suited for those interested in looking at processes and technologies used to protect payment data and supporting systems.

Track Two
Business Track
Sessions will examine business challenges within payment security and include case studies and best practices. Best suited for those interested in strategic planning and implementation of governance programs for making payments safer.

11:00 - 11:30Stealing a March: Get Ahead of Changes to Compliance and the Threat Landscape
Presented by: Jacob Ansari, QSA (P2PE), PA-QSA (P2PE), CISSP, Director Schellman & Company, LLC

We will examine requirements that take effect in January 2018 and the impact on your compliance, particularly multi-factor authentication, but also managing control failures, and segmentation testing. Also, we review existing situations that commonly cause trouble, such as protecting SSL/TLS transmissions, disk encryption, and daily log review.


PIN Transaction Security Standard updates and Navigating PTS Device listings
Presented by: Tim Cormier, Manager for Device Standards, PCI Security Standards Council

Do you know how to determine whether a payment device is PCI approved? What is it approved to do? Or is that device already expired? Come to this session for a walkthrough and to learn how to read and navigate the PTS listing. This session is intended for merchants, vendors, and QSAs to who want to better understand PTS approvals.
11:40 - 12:10PCI DSS... Beyond Compliance and Actually Improving Cyber Defense
Presented by: Adetokunbo Omotosho, Managing Consultant, Infoprive

It has been observed that most organizations focus on the compliance objective of PCIDSS rather than the real intent of the standard which is to improve payment security as whole. However , there are real benefits the standards offer for those really interested in the security of the payment environment . The session would focus on how to improve payment security and gaining the security benefits of the standards outside of the cardholder environment.

Waking Up in an Unaware Industry
Presented by: Lina Muriel, Head of Marketing, Sipay Plus, Payment Provider and Richard de Nijs, Founder/CEO, A2secure, QSA Company

This session will describe the struggle between Spanish payment providers and the PCI industry at the beginning of this decade, the Payment Provider’s initial perception of PCI DSS and how PCI helped to evolve its perception towards cybersecurity. Session will also include insight into:

• Wake-up call from A2secure.
• Why did Sipay start with PCI DSS?
• Initial battles to start embracing PCI DSS.
• PCI DSS is creating added value.
• First and next certifications.
• Now: PCI DSS is part of our DNA.
• Evangelizing the industry (still there are many SPs/merchants without a PCI/security strategy)
• From PCI to secure.

12:20 - 12:50Cryptography – Issues and Directions
Presented by: Ralph Poore, Director, Emerging Standards, PCI Security Standards Council

This session presents cryptography in the context of payments, advances in cryptanalysis, and the need for transition planning. It builds on basic concepts of effective key strength, symmetric and asymmetric algorithms, secure hashes, digital certificates, and good key management. Includes issues of algorithm sunsetting and impact of quantum computing.
Developing a PCI Security Management System
Presented by: Luis Alonso Albir, PCI QSA, CISA, 27001 Lead Auditor, Grupo SIA

SIA will show how PCI DSS may become a trigger for security being business-as-usual while balancing compliance and control efforts with achievements and how PCI DSS can be added to the company's security portfolio and dashboard.


12:50 - 13:50Networking Lunch and Vendor Showcase
13:50 - 14:20Journey to PCI DSS Compliant Private Cloud
Presented by: Adam Heczko, Security Engineer, Mirantis Inc.

Securing complex computer systems such as OpenStack or Kubernetes clouds is difficult at the very first glance. To make it even worse, attackers can make many mistakes without consequences whereas a defender's single mistake could lead to a security breach. OpenStack and Kubernetes cloud operators need a simple and scalable method for securing their clouds. That starts with grouping components into compartments by its role, placement, intended use case and then looking at how those compartments interact with each other. Those interactions form the backbone of security policies and technical controls.


2017 Cloud SIG update
Presented by: Presented by: John Markh, Security Standards Manager, Sam Pfanstiel, Solution Principal, Coalfire, Yusuf Musaji, Founder and CEO of Yusufali & Associates (Y&A) and Panelist TBD

Members of the Cloud SIG provide an overview of current SIG efforts to update and enhance the cloud guidance.


14:30 - 15:00Fixing Online Fraud - 3DSecure & In-Browser Payments
Presented by: Andrew Jamieson, Technical Manager, Underwriters Laboratories and Emma Sutcliffe, Senior Director, Data Security Standards, PCI Security Standards Council

This talk will outline how these new technologies work, how they may work together and indeed how they may compete in the changing landscape of online payments. Detail will be provided on how regulation such as PSD2 in Europe may impact the deployment of these technologies around the world, and what these changes may mean for the world of card present acceptance: When a customer can interface to a merchant webstore with a mobile phone that is also their payment mechanism, what is the purpose of the traditional POS? How do solutions such as QR codes interact and impact such technologies? What is 'advanced authentication', and how secure are technologies such as biometrics when applied to payments?
A Customers Journey of Implementing a Validated P2Pe Solution, the Problems, Dilemmas and Benefits - A Merchant Experience Case Study
Presented by: Tracey L. Long, Senior Payment Security PCI DSS Compliance Manager, WorldPay

A case study with one of the UK's largest retailers discussing and highlighting the bumps in the road along implementing a validated and listed P2Pe solution. Their experience of PIM management, the integration process and how their Acquirer assisted along this journey. Discussion will also take place on the benefits of implementing technology to reduce the scope of PCI compliance.

15:10 - 15:40Technologies for Application Security and Compliance in the Era of DevOps and Cloud
Co- Presenters: Jake Marcinko, Standards Manager, PCI Security Standards Council and Joseph Feiman, Chief Innovation Officer, Veracode

This “AppSec Survival Guide"" evaluates application threats and outlines decision frameworks and technology solutions for building secure applications and application security defenses against attacks by outsiders and insiders. Special attention is paid to the methods of securing applications when organizations adopt innovative Cloud and DevOps paradigms. This research helps organizations to align their application security strategy with evolving PCI security standards for applications.
Extending Your PCI DSS Compliance to Cover General Data Protection Regulation
Presented by: Nigel Tranter, Payment Software Company (PSC)

There's a lot of pressure to ensure that organizations are compliant with the new General Data Protection Regulation (GDPR) regulations by 2018. It's important to understand the intricacies of the relationship between PCI DSS and GDPR.






15:40 - 16:10Networking Break and Vendor Showcase
16:10 - 16:40Cybercriminals Love Your Remote Access: A Hacking Remote Access Demonstration
Presented by: Gary Glover, Vice President of Strategic Partnerships, SecurityMetrics

Is your remote access application secure? If not, you could be losing valuable data and not even know it. Unsecured remote access is still the biggest pathway for hackers to find and steal sensitive information. Organizations should understand how easily unprotected card data can be stolen through remote access if they don't secure it.


Simplifying Payment Security for Small Merchants
Presented by: Claire Allen, Projects Coordinator, Suresite Group Ltd., Natasja Bolton, Senior Acquirer Support QSA, Sysnet Global Solutions, Michael Christodoulides, Vice President Security and Fraud Product Team, Barclaycard, and moderated by Lauren Holloway, Director of Standards Coordination, PCI Security Standards Council

A panel of Small Merchant Business Task Force members: What we’ve created, how it’s being used, where we are.

SMB Task Force members including an acquirer, a small merchant representative, and a QSA/ASV provide an update on the Task Force's initiatives, how it is helping small merchants, and how the PCI community can help.
16:50 - 17:20What Happens When the Attackers go POStal?
Presented by: Andrew Barratt, QSA, PA QSA, P2PE QSA, PA-P2PE QSA Managing Principal, Coalfire Systems, Inc

Discuss the importance of point of sale security (ecom/mobile/face 2 face) and the risks associated with a weak or untrusted point of sale and how past threats could manipulate these scenarios in the future to cause havoc for merchants.


PCI Service Providers - Gaining Further Assurance of Their PCI Compliance
Presented by: Sarah Nicholson, PCIP, FIET, BEng Hons, Security Policy, Risk and Compliance Manager, BT PLC

The session will cover the methodology and approach taken for BT's Service Provider Assurance Programme. It will cover the initial introduction of the programme, the key stakeholders involved and the importance of communication. It will include the key learning points and the value gained from this inaugural programme.

17:30 - 18:00Mobile Security Update
Presented by: Elizabeth Terry, Advanced Research Manager, PCI Security Standards Council and Michael Thompson, Standards Manager, PCI Security Standards Council

PCI SSC will provide updates on the latest mobile security initiatives including Software-based Authentication on mobile POS and the latest updates to the Mobile Guidelines for Developers and Merchants.
Small Merchant Franchised Strategy
Presented by: Mathieu Gorge, CEO and Founder, Vigitrust and Marie-Christine Vittet, Data Risk Manager, AccorHotels

Through “A success story” you will discover how AccorHotels embarks its franchisees to comply with PCI.

• PCI education: Demystifying PCI for small merchants
• PCI program structure: simplifying the process to incentivize merchants to go through with certification first time - tips to simplify the process & pre-populate as many answers as possible
• PCI support platform: automated/consultants (internal/external) / QSA based
• PCI BAU: get continuous buy in from franchisees to improve & continually augment the program (e.g. Extend it to GDPR)
• Working with the franchise structure: understanding the key role of master franchisees for the success of the program & franchisee on boarding best practices
• KPI for PCI programs for franchisees: focus on reporting



18:00 - 19:30Networking Reception and Vendor Showcase
Thursday, 26 October
7:30 - 9:00Networking Breakfast and Vendor Showcase
9:00 - 9:15Welcome Remarks
Presented by: Jeremy King, International Director, PCI Security Standards
9:15 - 10:15Keynote: Rebuilding Security: Lessons Learned from Tragedy
Presented by: Anthony Amore, Director of Security and Chief Investigator, Isabella Stewart Gardner Museum

The biggest terrorist attack in the history was launched from Boston’s Logan International Airport, and the biggest property theft in the history of the world took place at the Isabella Stewart Gardner Museum, also in Boston. Anthony Amore has worked to rebuild the security at both facilities, and will talk about how an honest examination of both incidents was the key to correcting past failures and protecting them both from future attacks.
10:15 - 10:45Networking Break and Vendor Showcase
10:45 - 11:15How IoT is Exposing Your Privates…
Presented by: Tony Gee, Security Consultant, Pen Test Partners LLP

A look at IoT weaknesses in devices that REALLY don’t need IoT. IoT is invading every aspect of our lives, however, developers often have not thought about the privacy and security implications of these devices. This can lead to some truly revealing situations, that have implications to revenue streams across the globe.
11:15 - 12:00Behind the Magic: The Inner Workings of the PCI Security Standards Council
Presented by: Mauro Lance, Chief Operations Officer, PCI Security Standards
12:00 - 12:30Q&A with PCI Security Standards Council and Closing Remarks
12:30 - 15:30Assessor Lunch and Session

Register today to secure your spot at the 2017 Europe Community Meeting.

SPONSORS

Please continue to check back for updates on our Sponsors

 

GOLD SPONSOR

Verizon

 

SILVER SPONSORS

 

PCI PAL

 

BRONZE SPONSORS

Microsoft

 

SPONSORS

CarbonBlack-Logo-Primary-RGBBlack

 

 

Sponsorship Opportunities

 

An exclusive opportunity to position your company as a leader in the global payment security industry

TESTIMONIALS

TRAINING

Employee Education is the Best Defense for Protecting your Organization’s Data Assets.

In conjunction with the Europe Community Meeting four training courses are available. The trainings will take place at Fairmont Rey Juan Carlos I.

P2PE_Training_Icon

Point-To-Point Encryption Assessor | 17-18 October

The two-day Point-to-Point Encryption Assessor (P2PE) training programs prepare candidates to perform validation of Point-to-Point Encryption solutions and applications against the latest standard in order for those solutions and applications to be listed on the PCI Council website.

QSA_Training_Icon

Qualified Security Assessor Training | 17-18 October & 19-20 October

The two-day Qualified Security Assessor (QSA) class provides instruction on how to conduct assessments of merchants, institutions and service providers who must be compliant with the PCI DSS.

ISA_Training_Icon

Internal Security Assessor | 19-20 October

The two-day Internal Security Assessor (ISA) class provides merchants, acquiring banks, and processors the opportunity to build their internal payment data security expertise, as well as increase their efficiency in complying with PCI Standards.

PCIP_Training_Icon

PCI Professional | 23 October

The Payment Card Industry Professional is an individual, entry-level qualification in payment security information and provides you with the tools to build a secure payment environment and help your organization achieve PCI compliance.

Get the latest updates on the 2017 Community Meetings by joining our mailing list.