Three days of networking and one-of-a-kind partnership opportunities await you. Whether you want to learn more about updates in the payment industry or showcase a new product, you’ll find it all at the 2017 Europe Community Meeting.
Join us for three days of discovery, updates and insights from regional community figures and merchants and members of the Council.
Tuesday, 24 October | ||
---|---|---|
10:00 - 18:30 | Registration Open | |
13:00 - 13:20 | Welcome Remarks Presented by: Jeremy King, International Director, PCI Security Standards | |
13:20 - 14:00 | KEYNOTE: PCI SSC's Strategic Initiatives Presented by: PCI Security Standards Senior Team This session opens the Community Meeting with an extensive look into some of the PCI SSC’s current and global affairs and how, collaboratively, we help secure payment data. | |
14:00 - 14:30 | Insights from PCI SSC Board of Advisors, a Panel Discussion Moderated by: Karen Czack, Vice President of Industry Engagement and Regulation within the Global Network Business, American Express and PCI SSC Executive Committee Chairperson Joined by panelists: Pierre Chassigneux, EVP Project & Risk Management Division, Groupement des Cartes Bancaires, Stacy Hughes, SVP of Risk and Compliance, Global Payments and Tracey L. Long, Senior Payment Security PCI DSS Compliance Manager, WorldPay Join this session for a panel discussion of PCI Security Standards Council’s Executive Committee. Members of the PCI SSC Board of Advisors will discuss areas of focus for this year’s Board. | |
14:30 - 15:15 | Networking Break and Vendor Showcase | |
15:15 - 16:00 | INDUSTRY KEYNOTE: Where Data Breaches Intersect Compliance Presented by: Christopher Novak, Director, Investigative Response Verizon RISK Team This session will take the audience on a journey through the Verizon Data Breach Investigations Report and Payment Security Report in order to learn how data breaches occur, whom they happen to and how the audience members can avoid being the next victim in the headlines. The audience will learn about the trends that are being seen around the world as well as how they can build a solid compliance and security foundation of their own to create a resilient and evolving security posture. | |
16:00 - 17:00 | Security Roadmap for Next Generation of Payments Presented by: Troy Leach, CTO, PCI Security Standards Council Digital payments are evolving rapidly, which requires anticipating how cybersecurity attacks will change and how we should expect to protect against them. This session will discuss emerging security trends for 2018 and how new initiatives by the PCI Council plan to address these threats. | |
17:00 - 18:45 | Welcome Reception |
Wednesday, 25 October | ||
---|---|---|
7:30 - 9:00 | Networking Breakfast and Vendor Showcase | |
9:00 - 9:30 | Welcome Remarks Presented by: Jeremy King, International Director, PCI Security Standards |
9:30 - 10:30 | Keynote: Lessons from the Miracle on the Hudson Presented by: Jeff Skiles, Co-Pilot of U.S. Airways Flight 1549 When you’re a pilot and both your engines fail over the largest city in America, you must act quickly and independently, but you must also trust in the system that has trained you and prepared you to handle such crisis moments. Jeff Skiles’ story of the “Miracle on the Hudson” would not have the perfect ending if not for years of training and preparation that allowed the two pilots to understand exactly what the other was doing – thus maximizing their time, communication, and effectiveness. Having only met each other three days earlier, Skiles and Sullenberger were able to work together as a team because they trusted in their system and training and the professionalism of everyone involved, from the air-traffic controllers to their crew. As he takes audiences through the nearly catastrophic events leading up to US Airways Flight 1549’s emergency landing on the Hudson River, Skiles delivers the key lessons and principles that made the flight crew prepared, calm, and confident so they could successfully land the plane. If such lessons can save 155 lives when time is tight and every move must be perfect, imagine what these lessons can do for your organization. |
10:30 - 11:00 | Networking Break and Vendor Showcase | |
Track One: Technology Track. Sessions will examine technical aspects of payments security standards and implementation. Best suited for those interested in looking at processes and technologies used to protect payment data and supporting systems. | Track Two: Business Track. Sessions will examine business challenges within payment security and include case studies and best practices. Best suited for those interested in strategic planning and implementation of governance programs for making payments safer. |
11:00 - 11:30 | Stealing a March: Get Ahead of Changes to Compliance and the Threat Landscape Presented by: Jacob Ansari, QSA (P2PE), PA-QSA (P2PE), CISSP, Director Schellman & Company, LLC We will examine requirements that take effect in January 2018 and the impact on your compliance, particularly multi-factor authentication, but also managing control failures, and segmentation testing. Also, we review existing situations that commonly cause trouble, such as protecting SSL/TLS transmissions, disk encryption, and daily log review. | Navigating the PTS-Approved Device Listings Presented by: Tim Cormier, Manager for Device Standards, PCI Security Standards Council Do you know how to determine whether a payment device is PCI approved? What is it approved to do? Or is that device already expired? Come to this session for a walkthrough and to learn how to read and navigate the PTS listing. This session is intended for merchants, vendors, and QSAs who want to better understand PTS approvals. |
11:40 - 12:10 | PCI DSS... Beyond Compliance and Actually Improving Cyber Defense Presented by: Adetokunbo Omotosho, Managing Consultant, Infoprive It has been observed that most organizations focus on the compliance objective of PCI DSS rather than the real intent of the standard, which is to improve payment security as a whole. However, there are real benefits the standards offer for those really interested in the security of the payment environment. The session will focus on how to improve payment security and gain the security benefits of the standards outside of the cardholder environment. | Waking Up in an Unaware Industry Presented by: Lina Muriel Beltran, Sales, Marketing & Product Development Director, Sipay Plus and Albert Morell, QSA, Director and Co-founder, A2SECURE This session will describe the struggle between Spanish payment providers and the PCI industry at the beginning of this decade, the Payment Provider’s initial perception of PCI DSS and how PCI helped to evolve its perception towards cybersecurity. Session will also include insight into: • Wake-up call from A2secure. • Why did Sipay start with PCI DSS? • Initial battles to start embracing PCI DSS. • PCI DSS is creating added value. • First and next certifications. • Now: PCI DSS is part of our DNA. • Evangelizing the industry (still there are many SPs/merchants without a PCI/security strategy) • From PCI to secure. |
12:20 - 12:50 | Cryptography – Issues and Directions Presented by: Ralph Spencer Poore, Director, Emerging Standards, PCI Security Standards Council This session presents cryptography in the context of payments, advances in cryptanalysis, and the need for transition planning. It builds on basic concepts of effective key strength, symmetric and asymmetric algorithms, secure hashes, digital certificates, and good key management. Includes issues of algorithm sunsetting and impact of quantum computing. | Developing a PCI Security Management System Presented by: Luis Alonso Albir, 27001 Lead Auditor, Grupo SIA SIA will show how PCI DSS may become a trigger for security being business-as-usual while balancing compliance and control efforts with achievements and how PCI DSS can be added to the company's security portfolio and dashboard. |
12:50 - 13:50 | Networking Lunch and Vendor Showcase | |
13:50 - 14:20 | Journey to PCI DSS Compliant Private Cloud Presented by: Adam Heczko, Security Engineer, Mirantis Inc. Securing complex computer systems such as OpenStack or Kubernetes clouds is difficult from the very first glance. To make it even worse, attackers can make many mistakes without consequences whereas a defender's single mistake could lead to a security breach. OpenStack and Kubernetes cloud operators need a simple and scalable method for securing their clouds. That starts with grouping components into compartments by their role, placement and intended use case, and then looking at how those compartments interact with each other. Those interactions form the backbone of security policies and technical controls. | 2017 Cloud SIG Update Moderated by: John Markh, Standards Manager, PCI Security Standards Council Presented by: Alan Gutierrez-Arana, Director, Risk Advisory Services, National Leader Payment Card Industry (PCI) Services, RSM US LLP, Yusuf Musaji, CEO, Yusufali & Associates (Y&A) and Sam Pfanstiel, Solution Principal, Coalfire Members of the Cloud SIG provide an overview of current SIG efforts to update and enhance the cloud guidance. |
14:30 - 15:00 | Fixing Online Fraud - 3DSecure & In-Browser Payments Presented by: Andrew Jamieson, Technical Manager, Underwriters Laboratories and Emma Sutcliffe, Senior Director, Data Security Standards, PCI Security Standards Council This talk will outline how these new technologies work, how they may work together and indeed how they may compete in the changing landscape of online payments. Detail will be provided on how regulation such as PSD2 in Europe may impact the deployment of these technologies around the world, and what these changes may mean for the world of card present acceptance: When a customer can interface to a merchant webstore with a mobile phone that is also their payment mechanism, what is the purpose of the traditional POS? How do solutions such as QR codes interact and impact such technologies? What is 'advanced authentication', and how secure are technologies such as biometrics when applied to payments? | A Customer's Journey of Implementing a Validated P2PE Solution, the Problems, Dilemmas and Benefits – A Merchant Experience Case Study Presented by: Tracey L. Long, Senior Payment Security PCI DSS Compliance Manager, WorldPay, Peter Gore, Intel Systems Manager, McColl’s Retails Group and Jo Smith, PCI Business Analyst, WorldPay A case study with one of the UK's largest retailers discussing and highlighting the bumps in the road in implementing a validated and listed P2PE solution. It covers their experience of PIM management, the integration process and how their Acquirer assisted along this journey. Discussion will also take place on the benefits of implementing technology to reduce the scope of PCI compliance. |
15:10 - 15:40 | Technologies for Application Security and Compliance in the Era of DevOps and Cloud Co-Presenters: John Markh, Standards Manager, PCI Security Standards Council and Joseph Feiman, Chief Innovation Officer, Veracode This “AppSec Survival Guide” evaluates application threats and outlines decision frameworks and technology solutions for building secure applications and application security defenses against attacks by outsiders and insiders. Special attention is paid to the methods of securing applications when organizations adopt innovative Cloud and DevOps paradigms. This research helps organizations to align their application security strategy with evolving PCI security standards for applications. | Extending Your PCI DSS Compliance to Cover General Data Protection Regulation Presented by: Nigel Tranter, Vice President, Payment Software Company (PSC) There's a lot of pressure to ensure that organizations are compliant with the new General Data Protection Regulation (GDPR) by 2018. It's important to understand the intricacies of the relationship between PCI DSS and GDPR. |
15:40 - 16:10 | Networking Break and Vendor Showcase | |
16:10 - 16:40 | Cybercriminals Love Your Remote Access: A Hacking Demonstration Presented by: Gary Glover, Vice President of Strategic Partnerships, SecurityMetrics Is your remote access application secure? If not, you could be losing valuable data and not even know it. Unsecured remote access is still the biggest pathway for hackers to find and steal sensitive information. Organizations should understand how easily unprotected card data can be stolen through remote access if they don't secure it. | Simplifying Payment Security for Small Merchants Moderated by: Lauren Holloway, Director of Standards Coordination, PCI Security Standards Council Panelists: Claire Allen, Projects Coordinator, Suresite Group Ltd., Natasja Bolton, Senior Acquirer Support QSA, Sysnet Global Solutions and Michael Christodoulides, Vice President Security and Fraud Product Team, Barclaycard A panel of Small Merchant Business Task Force members: What we’ve created, how it’s being used, where we are. SMB Task Force members including an acquirer, a small merchant representative, and a QSA/ASV provide an update on the Task Force's initiatives, how it is helping small merchants, and how the PCI community can help. |
16:50 - 17:20 | What Happens When the Attackers go POStal? Presented by: Andrew Barratt, Managing Principal, Coalfire Systems, Inc Discuss the importance of point of sale security (ecom/mobile/face 2 face) and the risks associated with a weak or untrusted point of sale and how past threats could manipulate these scenarios in the future to cause havoc for merchants. | PCI Service Providers - Gaining Further Assurance of Their PCI Compliance Presented by: Sarah Nicholson, Security Policy, Risk and Compliance Manager, BT PLC The session will cover the methodology and approach taken for BT's Service Provider Assurance Programme. It will cover the initial introduction of the programme, the key stakeholders involved and the importance of communication. It will include the key learning points and the value gained from this inaugural programme. |
17:30 - 18:00 | Mobile Security Update Presented by: Elizabeth Terry, Advanced Research Manager, PCI Security Standards Council and Michael Thompson, Standards Manager, PCI Security Standards Council PCI SSC will provide updates on the latest mobile security initiatives including Software-based Authentication on mobile POS and the latest updates to the Mobile Guidelines for Developers and Merchants. | Small Merchant Franchised Strategy Presented by: Mathieu Gorge, CEO and Founder, Vigitrust and Marie-Christine Vittet, Data Risk Manager, AccorHotels Through “a success story” you will discover how AccorHotels enables its franchisees to comply with PCI Standards: • PCI education: demystifying PCI Standards compliance for small merchants • PCI program structure: simplifying the process to provide incentive for merchants to go through with certification the first time - tips to simplify the process and pre-populate as many answers as possible • PCI support platform: automated/consultants (internal/external)/QSA-based • PCI business as usual: get continuous buy-in from franchisees to improve and continually augment the program (e.g., extend it to GDPR) • Working with the franchise structure: understanding the key role of master franchisees for the success of the program and franchisee on-boarding best practices • Key performance indicator for PCI programs for franchisees: focus on reporting |
18:00 - 19:30 | Networking Reception and Vendor Showcase |
Thursday, 26 October | ||
---|---|---|
7:30 - 9:00 | Networking Breakfast and Vendor Showcase | |
9:00 - 9:15 | Welcome Remarks Presented by: Jeremy King, International Director, PCI Security Standards | |
9:15 - 10:15 | Keynote: Rebuilding Security – Lessons Learned from Tragedy Presented by: Anthony Amore, Director of Security and Chief Investigator, Isabella Stewart Gardner Museum The biggest terrorist attack in history was launched from Boston’s Logan International Airport, and the biggest property theft in the history of the world took place at the Isabella Stewart Gardner Museum, also in Boston. Anthony Amore has worked to rebuild the security at both facilities, and will talk about how an honest examination of both incidents was the key to correcting past failures and protecting them both from future attacks. | |
10:15 - 10:45 | Networking Break and Vendor Showcase | |
10:45 - 11:15 | IoT: Can I Really Trust My Coffee Machine Not to Hack My HVAC? Presented by: Tony Gee, Security Consultant, Pen Test Partners LLP This session will look at weaknesses in IoT, show how your building management system may not be as secure as you think, how your connected car can compromise you and how we can geolocate Bluetooth devices, then control them to cause maximum impact. | |
11:15 - 12:00 | Barcelona and PCI Security Standards Council es mucho más! Presented by: Mauro Lance, Chief Operating Officer, PCI Security Standards Council Don’t miss this special look into PCI SSC’s inner workings that make it possible to help secure payment data. From programs to partnerships, discover what happens behind the scenes. | |
12:00 - 12:30 | Q&A with PCI Security Standards Council and Closing Remarks | |
12:30 - 15:30 | Assessor Lunch and Session |
Register today to secure your spot at the 2017 Europe Community Meeting.
“Immense information shared!”
"A fantastic experience which was everything it was advertised to be - educational, fun and of course meeting colleagues from all over the globe."
“Listening to PCI Council members talking to you about the major updates and strategies of the council is a truly amazing experience. The opportunity to get in contact with industry peers and professionals on a one-to-one basis is a key takeaway from the meeting.”
"It is a unique opportunity to network with my peers. I established several excellent contracts/new friendships and I am grateful for that opportunity. There is so much to learn and we can help one another via networking. Very useful to speak to others doing similar roles and comparing experiences/challenges in a safe environment”
“There was a lot of information on all of the important topics that affect us - as well as insight into other environments and emerging trends. It was a wealth of information!”
Employee Education is the Best Defense for Protecting your Organization’s Data Assets.
In conjunction with the Europe Community Meeting, four training courses are available. The trainings will take place at Fairmont Rey Juan Carlos I.
Point-To-Point Encryption Assessor | 17-18 October
The two-day Point-to-Point Encryption Assessor (P2PE) training programs prepare candidates to perform validation of Point-to-Point Encryption solutions and applications against the latest standard in order for those solutions and applications to be listed on the PCI Council website.
Qualified Security Assessor Training | 17-18 October & 19-20 October
The two-day Qualified Security Assessor (QSA) class provides instruction on how to conduct assessments of merchants, institutions and service providers who must be compliant with the PCI DSS.
Internal Security Assessor | 19-20 October
The two-day Internal Security Assessor (ISA) class provides merchants, acquiring banks, and processors the opportunity to build their internal payment data security expertise, as well as increase their efficiency in complying with PCI Standards.
PCI Professional | 23 October
The Payment Card Industry Professional is an individual, entry-level qualification in payment security information and provides you with the tools to build a secure payment environment and help your organization achieve PCI compliance.
Get the latest updates on the 2017 Community Meetings by joining our mailing list.