Join us for three days of discovery, updates and insights from members of the Council, regional community figures and merchants.

Registration Now Open
  • Tuesday, 22 Oct
  • Wednesday, 23 Oct
  • Thursday, 24 Oct

Tuesday, 22 October

13:00 - 13:15

Opening Remarks: Collaboration and Community - Working Together to Secure Payment Data

Presented by: Lance J. Johnson, Executive Director, PCI Security Standards Council

A brief overview on how the community is coming together in many ways on many levels to build a secure future of payments.
13:15 - 13:30

Community Meeting Kick-Off

Presented by: Jeremy King, International Director – Europe, PCI Security Standards Council

Don’t miss important information about the event and all that is in store. Learn how to make the most of your time while in Dublin.
13:30 - 14:15

Panel: Council Insights from Board of Advisors and Industry Partners

Moderated by: Laura Gray, Senior Director of Communications, PCI Security Standards Council

Panelists: Stacy Hughes, SVP - IT Governance, Risk and Compliance, CPA, CITP, CRISC, CISM, Global Payments Inc.; Gabriel Moynagh, Chief Executive Officer, Sysnet Global Solutions and Marie-Christine Vittet, Data Compliance Manager, ACCOR

Join this engaging discussion to hear how panelists have worked in collaboration with the Council, and have lent their insight and expertise to the mission of enhancing global payment account data security.
14:15 - 15:00

Industry Keynote: Cybersecurity: Past, Present, and Future

Presented by: Joshua Costa, Senior Consultant, Investigative Response, Verizon Threat Research Advisory Center (VTRAC) and Christopher Novak, Co-founder and Global Director, Verizon Threat Research Advisory Center (VTRAC)

Christopher Novak and Joshua Costa will walk through the evolution of the cybersecurity landscape. The session will discuss how threat actors have modified their hacking tradecraft in an attempt to get ahead of today’s security enhancements. Real world investigative examples will be used to highlight and demonstrate how this has been seen within the payment card industry related to both card-present and card-not-present transactions. The session will also provide recommendations and takeaways that can aid attendees in their PCI compliance and security journey and reduce their breach profile.
15:00 - 15:30

Networking Break and Vendor Showcase

15:30 - 16:00

PCI SSC Turns 13: What's Ahead

Presented by: Troy Leach, Chief Technology Officer, PCI Security Standards Council

Reflecting on the changes in payments over our history that has influenced upcoming standards such as DSS v4.0, Software Security Framework and the PCI SSC’s new engagement model.
16:00 - 16:45

Understanding PCI DSS 4.0

Presented by: Lauren Holloway, Director of Data Security Standards, PCI Security Standards Council

PCI DSS v4 is anticipated to introduce new requirements and new approaches to validation to accommodate the evolving payments environment. Join us to hear about these changes and how you can participate in the upcoming feedback period.
16:45 - 17:15

P2PE v3.0 Update

Presented by: Matt O’Connor, AQM Manager, PCI Security Standards Council and Michael Thompson, Senior Standards Manager, Emerging Standards, PCI Security Standards Council

Join this session for an insightful tour of the highlights of P2PE v3.0.
17:15 - 17:45

Software Security Framework: Roadmap, Impact and Next Steps

Presented by: John Bloomfield, Standards Development Manager, Data Security Standards, PCI Security Standards Council and Elizabeth Terry, Community Engagement Manager, PCI Security Standards Council

Join PCI SSC to hear about the Software Security Framework to learn how the two standards within the framework work together and the impact on participants in the SSF program and the PA-DSS Program. You will also hear how the SSF may benefit your organization through use cases that highlight the interaction between the two standards. Finally, next steps for the framework in 2019 and beyond will be discussed.
17:45 - 17:50

Day 1 Closing Remarks

Presented by: Lance J. Johnson, Executive Director, PCI Security Standards Council

Reflecting on Day 1 and bringing it all together.
18:00 - 20:00

Welcome Party

Come one, come all, to the greatest show in security. Join us under the big top for PCI SSC's “Cirque du Security” Welcome Party and step into the bygone era of the vintage circus.

Sponsored by

Wednesday, 23 October

07:30 - 09:00

Networking Breakfast and Vendor Showcase

Sponsored by

09:00 - 09:15

Welcome Remarks

Presented by: Jeremy King, International Director – Europe, PCI Security Standards Council

09:15 - 10:15

Keynote: People as the Strongest Link in Cyber Security

Presented by: Dr Jessica Barker, Co-Founder, Co-CEO, Cygenta

Humans are often regarded as the ‘weakest link’ when it comes to cyber security, but in this presentation Jessica will highlight where humans have got it right. Using research from psychology, sociology and behavioral economics, and rooted in her work in cyber security, Jessica will show why people are susceptible to social engineering, why security needs to be better-designed for humans and what we as an industry can do to engage with and empower people when it comes to cyber security.
10:15 - 10:45

Networking Break and Vendor Showcase

10:45 - 11:15

Track One (Closing the Talent Gap in the Cybersecurity Industry)

Closing the Talent Gap in the Cybersecurity Industry

Education and Training Opportunities to Recruit Diverse Payment Security Professionals - A Panel Discussion

Moderated by: Robin Trickel, CISSP, Vice President, Industry Engagement, American Express Global Network

Panelists: Lance J. Johnson, Executive Director, PCI Security Standards Council; Tracey Long, Senior Payment Data Security Manager, Worldpay from FIS and Kathy Orner, CISA, CISM, CGEIT, Vice President, Chief Risk Officer, CWT

Track Two (Implementation of Best Practices)

Implementation of Best Practices

It's All Connected: How Scanning Sustains Security

Presented by: Beck Larson, ASV, Director, CoalfireOne Scanning Services, Coalfire Systems, Inc

Scanning is viewed as a fire-and-forget method to attaining security – yet how many realize that it is a dynamic effort, and cannot have a static approach if it is to support a vulnerability management program? This talk will frame what scanning is and why we do it; how scanning is typically misunderstood, mismanaged and maligned; how scanning should be viewed as a preventative measure; and that we as a security community would benefit from collaboration in identifying common vulnerabilities.
11:25 - 11:55

Track One

PCI SSC Associate QSA Program Bridging the Skills Shortage Gap

Presented by: Oleg Aksyonenko, PCI Practice Lead, Advantio; Irmantas Brazaitis, CISM, CISA, CISSP, PCI QSA, Security Consultant, Advantio and Gill Woodcock, Senior Director of Certification Programs, PCI Security Standards Council

Track Two

PCI DSS for Large Organizations, 2019 SIG Effort

Presented by: John Bloomfield, Standards Development Manager, Data Security Standards, PCI Security Standards Council; Gary Glover, Vice President of Security Assessment, SecurityMetrics and Simon Turner, PCI DSS Consultant, QSA, CISSP, CISM, CISA, BT

12:05 - 12:35

Track One

Making Organizations Stronger with Diversity, Networking and Mentorship

Presented by: Stephanie Benoit-Kurtz, MBA, CCISO, CGEIT, CRISC, CHP, Director of Cyber Security, Station Casinos

As a woman in senior leadership and IT often times the seat at the table is a bit intimidating. Often females are dismissed as not having either the technical knowledge or business prowess to make key decisions around PCI issues. Learn to leverage knowledge, skill, and fact-based analysis to drive past the diversity issue. Take away some best practices around building processes, gaining trust and creating tools that will establish credibility among peers and executives.

Track Two

Scoping…A Week That Pays Results in Complex Environments

Presented by: Walid Barakat, Vice President - External Compliance, Global Payments Inc and Stacy Hughes, SVP - IT Governance, Risk and Compliance, CPA, CITP, CRISC, CISM, Global Payments Inc.

This presentation examines engagement internally within Global Payments to: 1) review cardholder data flow diagrams, 2) significant changes, 3) cloud environments, 4) sampling, 5) upfront evidence gathering, 6) utilizing ISAs, 7) benefits related to ongoing security posture and compliance efforts, 8) control metrics, and 9) overall governance through the IT GRC team. This approach has helped to gain efficiencies and knowledge of Global’s environments with their assessors.
12:35 - 13:35

Networking Lunch and Vendor Showcase

Sponsored by

13:35 - 14:05

Track One (Inside the Threat Landscape)

Inside the Threat Landscape
Track Sponsored by

Website Supply Chain: Your Hidden Risk

Presented by: Paul Guthrie, CISSP, CISA, QSA, PA-QSA, Vice President, Payment Software Company (PSC)

As websites have become more complex, the number of third-party sites a website depends on has grown significantly. Security flaws in these third parties have lead to compromises of card data such as Magecart. This session will explore the risk of third party inclusions on websites, consequences of insecure website management and strategies for reducing risk and properly managing all website content.

Track Two (New Payments and Trends)

New Payments and Trends

EMV Secure Remote Commerce

Presented by: Carey Ferro, Chair of the Associates Programme, EMVCo

In response to the ongoing advancement of payment technologies, technical body EMVCo has published EMV SRC v1.0, a set of specifications that enable the creation of a ‘virtual payment terminal’. It provides a foundation that will enable industry solutions for the processing of e-commerce transactions in a consistent, streamlined fashion across a variety of remote-checkout environments channels and consumer devices, including smartphones, tablets, PCs and other connected devices. EMVCo has also launched a payment icon, which signals EMV SRC availability at participating remote-checkout environments. Delegates attending this presentation will receive an introduction to EMV SRC and an insight into how it addresses the current challenges within the remote payments environment.
14:15 - 14:45

Track One

The Future of Cyber Security from Hackers Perspective: Building a Forensically Sound Environment Using PCI DSS

Presented by: Pak Ho Chan, TVM/PCI Practice Manager / Principal Consultant, THALES and Nicole Wong, PCI QSA, CISSP, CISA, GIAC Penetration Tester (GPEN), Principal Consultant, THALES

Transform your business in the new era of cyber security through the eyes of hackers. This session will give the audience an overview of several recent hacking cases, the lessons learned from common failed controls, and the detection of and response to critical controls failure with reference to PCI DSS. Additionally, this session will highlight how PCI DSS as a practical approach can build a forensically sound environment that protects businesses from ever-evolving threats and attacks.

Track Two

Achieving and Maintaining PCI DSS Requirements in the Evolving World of Serverless Cloud Computing

Presented by: Mika Rautio, Senior Software Architect, Poplatek

Adoption of cloud services is a huge global IT trend. Typically, all the new "as-a-service" products utilized by businesses are built on the cloud. With PCI DSS comes requirements and more scrutiny when it comes to adopting latest trends and offerings in the cloud computing. We'll present the evolution of our cloud services from the data center services' lift and shift migration into the cloud and from there the continuing journey towards completely serverless cloud services.
14:55 - 15:25

Track One

Emerging Cloud Technologies

Presented by: John Markh, Standards Manager, Data Security Standards, PCI Security Standards Council and James Snow, Head of Security & Compliance, Google Cloud Platform - Americas

Discuss emerging cloud technologies, focusing on Serverless and Function-as-a-Service, alignment with the traditional cloud categories published by NIST and ISO, and advice on how existing standards and guidance can be applied to secure these services.

Track Two

Updates and Trends in Point of Interaction Devices

Presented by: Tim Cormier, Manager for Device Standards, PCI Security Standards Council and Andrew Jamieson, Director Technology & Security, Underwriters Laboratories

A look at how vendors are changing their devices to meet the new needs of the industry by changing designs and leveraging new technologies.
15:25 - 15:55

Networking Break and Vendor Showcase

15:55 - 16:25

Track One (Deep Dive into Technology)

Deep Dive into Technology

Su-Dunnit?: Tracking Privileged Access in the CDE

Presented by: Boyd Clewis, Senior Security Consultant - Risk, Security, and Privacy, Online Enterprises, Inc. DBA Online Business Systems; Rob Harvey, QSA, CISSP, Managing Director - Risk, Security, and Privacy, Online Enterprises, Inc. DBA Online Business Systems and Adam Kehler, Senior Consultant, Risk, Security and Privacy, Online Business Systems

How do you find a system breach when the intruder is using a root account? In this live demonstration, Online Business Systems will engage the audience to participate in a “whodunnit” mystery to uncover who infiltrated the cardholder data environment (CDE) and exfiltrated payment card data. Through solving this mystery, stakeholders will discover how to identify and track those using privileged user accounts in the CDE so that system misuse and breaches can be discovered in less time.

Track Two (Merchant Perspectives)

Merchant Perspectives
Track Sponsored by

Fraud Prevention in the Hotel Industry is Critical

Presented by: Asli Mermer, Customer Success Manager, Advantio Limited and Marie-Christine Vittet, Data Compliance Manager, ACCOR

Why the hospitality industry is at risk and how PCI DSS Requirement 9.9 compliance helps protecting Electronic Payment Terminals (sensitive equipment capturing cardholder data) - How to protect the high-volume of terminals used in different locations throughout the hotels, and provide security awareness to the hoteliers - How to reduce tampering, skimming and fraud.
16:35 - 17:05

Track One

Securing Emerging Payment Channels: Mobile Payment Acceptance

Presented by: John Markh, Standards Manager, Data Security Standards, PCI Security Standards Council

Join this session to hear about timelines, key principles and high-level architecture of the security standards for mobile payment acceptance channels (SPoC and CPoC). Learn what to expect in future revision of SPoC and how you can participate.

Track Two

An Innovative Approach to Compliance and Security for SMBs

Presented by: Ashley Johnson, Senior Product Manager, Worldpay from FIS and Gabriel Moynagh, Chief Executive Officer, Sysnet Global Solutions

Sysnet, alongside regional clients, will present merchant case studies to show how it is possible to provide positive PCI compliance and cybersecurity experiences for merchants. Educating merchants on a one-to-one basis regarding the benefits of PCI compliance and taking a proactive approach to the provision of security tools, enables acquirers to achieve significantly higher levels of merchant portfolio compliance and also helps to build stronger acquirer/merchant relationships.
17:15 - 17:45

Track One

Cryptographic Update

Presented by: Ralph Poore, Director, Emerging Standards, PCI Security Standards Council

Attend this session to get a better understanding of how Cryptography continues to evolve.

Track Two

Securing the Best Customer Experience

Presented by: Paul Rodgers, Chairman, Vendorcom

Merchants continue to face an apparent dichotomy of how to secure card payments whilst providing the best possible customer experience. This presentation will draw from merchant experiences and explore challenges/potential solutions in online & face to face payments.
17:45 - 19:15

Networking Reception and Vendor Showcase

Thursday, 24 October

07:30 - 09:00

Networking Breakfast and Vendor Showcase

09:00 - 09:15

Welcome Remarks

Presented by: Laura Gray, Senior Director of Communications, PCI Security Standards Council

09:15 - 10:15

Keynote: Innovation, Problem Solving & Rising to Unforeseen Challenges

Presented by: Mike Massimino, Former NASA astronaut, professor of Mechanical Engineering at Columbia University, Columbia University

Mike’s second spaceflight was the final Space Shuttle servicing mission to the Hubble Space Telescope. On that mission Mike was tasked with the most complicated spacewalk ever attempted: the in-space repair of a delicate scientific instrument inside of the telescope. A major miscue during that spacewalk nearly led to failure. But the ground control team and the astronauts in space worked together to come up with an innovative solution that saved the day and the mission. Mike explains how although not every problem has an obvious solution, preparation and innovation can help us overcome unforeseen challenges.
10:15 - 10:45

Networking Break and Vendor Showcase

10:45 - 11:15

Mass Fraud: Can We Help the UK to Win Eurovision Again?

Presented by: Tony Gee, Associate Partner & Speaker, Pen Test Partners

IoT security is getting worse. More & more we see large numbers of consumers exposed to fraud, specifically linked to service subscriptions and micro payments. We’ll explore these issues & show how to spot the fraud & how to mitigate against it. The session will contain entertaining live hacking demonstrations of not-so-smart product security, exposing PII & more. We’ll also provide advice for organisations to help design security in & design fraud out of their smart product offerings.
11:15 - 11:45

Learning from PFI Investigations

Presented by: Gill Woodcock, Senior Director of Certification Programs, PCI Security Standards Council

Learning from analysis of PFI investigations about what is most often identified as causing or contributing to cardholder data breaches.
11:45 - 12:30

Opening the Talent Spigot to Secure Our Digital Future

Presented by: Ed Adams, Board of Directors, ICMCP (International Consortium of Minority Cybersecurity Professionals)

With a cyber security job shortage of ~3.5M qualified professionals, the need for talent has never been greater. But how do you identify and retain the talent needed to secure our digital economy? PCI standards are the most influential and adopted non-regulatory frameworks in the industry - learn them or master a domain and you’ll be in demand. This presentation discusses workforce planning strategies related to PCI standards and resources that provide training and guidance for those interested in security careers.
12:30 - 12:35

Closing Remarks

Presented by: Lance J. Johnson, Executive Director, PCI Security Standards Council

12:35 - 15:35

Assessor Lunch and Session (QSAs, ISAs, ASVs, PFIs, QPAs, CPSAs only)

As an active assessor in the PCI SSC programs, join us for a special session to hear industry best practices, recent case studies, Council updates, live Q&A and networking opportunities with your peers.

Payment Vendor Lunch and Session (PCI Recognized Labs, PA-DSS Vendors, P2PE and SPoC Solution Providers only)

Join your peers for an informational session including Q&A with the PCI SSC team to discuss what’s new for vendors and labs for PCI PTS, P2PE, Mobile and Software Security.