Join us for learning, discovery, updates from the Council, regional community speakers, merchants, industry experts, and more.

Click here to convert to your local time.

  • Tuesday, October 26
  • Wednesday, October 27
  • Thursday, October 28

Tuesday, October 26

All events for this day will take place in Central Europe Summer Time (CEST)
Please note: session breakdown times are approximate.
09:00 - 10:00

Vendor Showcase

Visit and chat with our vendors, sponsors, and exhibitors.
Sponsored by

Brand and PCI SSC Offices

Representatives will be available to meet with you and answer questions.
10:00 - 10:10

Welcome Announcements from Emcee: Laura Schwartz

Presented by: Laura Schwartz, Professional Emcee & Keynote Speaker, Television & Media Commentator

10:10 - 10:30

Global Community Forum Kick-off

Presented by: Lance J. Johnson, Executive Director, PCI Security Standards Council

10:30 - 11:10

Connecting in Our Disconnected World: How PCI SSC Has Continued Our Global Mission

Presented by: Troy Leach, Senior Vice President, Engagement Officer, PCI Security Standards Council

Collaborators: Rich Agostino, Senior Vice President and Chief Information Security Officer, Target; Carlos Caetano, Associate Director, LA Region for Brazil, PCI Security Standards Council; Paul Creswick, Security Evangelist, Australian Payments Network; Brandy Cumberland, Director, Program Operations, PCI Security Standards Council; Lindsay Goodspeed, Senior Manager, Corporate Communications, PCI Security Standards Council; Yan Liu, Principal Consultant, atsec Information Security; Ralph Poore, Director, Emerging Standards, PCI Security Standards Council; Travis Powell, Director, Training Programs, PCI Security Standards Council; Candice Pressinger, BA Hons, MSc, GDPR Practit., Director Customer Data Security, Elavon; Jim Reavis, Co-founder and CEO, Cloud Security Alliance; Elizabeth Terry, PMP, CISSP, CBSA, PCIP, Senior Manager, Community Engagement, PCI Security Standards Council; Giles Witherspoon-Boyd, PCI Security Program Manager Principal, Credian and Kandyce Young, Standards Development Manager, Data Security Standards, PCI Security Standards Council

Despite the challenges of remote engagement, our community has been as busy as ever developing standards, education and connecting with one another.  Don’t miss this session where Troy Leach is joined by several of PCI SSC’s active collaborators from all over the world. Hear about new projects set to launch as well as updates on Council and industry efforts already underway and how you can become more involved in this active collaboration to protect payments globally.
Sponsored by
11:10 - 11:45

Regional Keynote: The Future of Cyber Security From a Friendly Hacker’s Perspective

Presented by: Keren Elazari, Cyber Security Analyst, Author, and Senior Researcher, Tel Aviv University Interdisciplinary Cyber Research Center

Cybersecurity is no longer about protecting secrets. It's about protecting our way of life that relies on digital technology, everywhere : from clouds to smartphones, from sensors to webcams, to stock markets and much more. In 2021, we learned that cyber criminals are innovating faster than ever before. In this environment, are you ready for what's next? This talk will inspire security pros and techies to adapt and evolve, and act on what matters most. We will shed light on emerging security threats, new attack vectors and techniques; discover how our digital universe expanded and how we can empower a virtual workforce to build a digital immune system. Join this talk for a look at the future of cybersecurity and to learn how resilience can be achieved with adaptability and innovation – and surprisingly, by learning from hackers.
11:45 - 12:00

Wellness Break

12:00 - 12:45

LIVE Conversations with the Council

Join PCI SSC staff to discuss some of the payment card industry’s hottest topics, listed below. Be sure to arrive early as space is limited and based on a first-come, first-serve basis.
  • Current and Future Threats, with John Bloomfield- Potential topics to be discussed may include but are not limited to: Ransomware, Malware, Phishing, and more.
  • Future of Information Security, with Mark Mrotek- Potential topics to be discussed may include but are not limited to: Remote Assessments, Cryptography, Centralized Security vs “Zero Trust”, Cloud Security and Cloud HSMs, and more.
  • Future of Payment Security, with Berny Goodheart- Potential topics to be discussed may include but are not limited to: Mobile/MPOC, Payments everywhere (IoT, cars, etc.), 8 digit BIN, tokenization, and more.
  • How to make the most of your PCI SSC Engagement, with Jeremy King, Tom White, Elizabeth Terry- Are you utilizing all of your benefits? What is your understanding the various programs? Any and all general PCI SSC questions can be discussed here.
12:45 - 13:45

Vendor Showcase

Visit and chat with our vendors, sponsors, and exhibitors.
Sponsored by

Brand and PCI SSC Offices

Representatives will be available to meet with you and answer questions.
13:45 - 13:55

An Interview with PCI SSC's Lance J. Johnson

Presented by: Lance J. Johnson, Executive Director, PCI Security Standards Council and Laura Schwartz, Professional Emcee & Keynote Speaker, Television & Media Commentator

Sponsored by
13:55 - 14:20

PCI DSS v4.0 A Preview of Coming Attractions

Presented by: John Bloomfield, Standards Development Manager, Data Security Standards, PCI Security Standards Council and Lauren Holloway, Director, Data Security Standards, PCI Security Standards Council

Join Lauren Holloway and John Bloomfield to learn about what’s coming with v4.0, get a sneak peek into some new PCI DSS requirements, and see how the Report on Compliance Template, Attestations of Compliance, and merchant self-assessment approach are evolving.
Sponsored by
14:20 - 15:15

Global Keynote: Facing Adversity with Optimism and Resilience

Presented by: J.R. Martinez, wounded U.S. Army veteran, bestselling author, actor, speaker and advocate

None of us knows what we're capable of until we're faced with a tough or unexpected challenge. Often this means having to adjust your dream or vision and sometimes event to create an entirely new goal. It can also mean getting through a tough time a week, day, hour or even minute at a time. By focusing on shorter term goals and keeping optimism (and even humor) at the forefront, your entire outlook and perspective can be transformed. We are all stronger and more resilient than we think. In facing challenges and recovering from setbacks, we have new opportunities to develop the unique gifts that have been given to us. It's about being able to become more what you can envision at the moment.
15:15 - 16:15

PCI SSC Office Hours

Representatives will be available to meet with you and answer questions.

Vendor Showcase

Visit and chat with our vendors, sponsors, and exhibitors.
Sponsored by

Regional On-Demand Sessions and Tech Demos released after 16:00 (available for approximately 3 weeks)

Content Disclaimer: The views and opinions expressed in external presentations are those of the external presenters and do not necessarily reflect the official standards or position of the PCI Security Standards Council.

Tech Demos

Sponsored by

Very Good Security: Expedite PCI SSC Compliance by Never Storing Sensitive Data

Presented by: Grant Crider, Sales Team Lead / Senior Account Executive, Very Good Security

How to Use VGS to Issue a Credit Card without Ever Having to Handle Sensitive Data Yourselves

SecurityMetrics: Understanding the Global E-Commerce Landscape

Presented by: John “JB” Bartholomew, SVP, Technology, SecurityMetrics

Come watch John “JB” Bartholomew deep-dive into the minds of cybercriminals by examining over 15 million websites’ vulnerabilities using a new database, interpretation, and analysis to discover which issues are most pressing and dynamic.

A Global Data Breach Database and the Challenges Encountered

Presented by: Anchises Moraes, Cyber Evangelist, C6 Bank and Nelson Novaes Neto, Researcher and CTO, MIT and C6 Bank

If the mantra “data is the new oil” of our digital economy is correct, then data leak incidents are the critical disasters in the online society. The initial goal of our MIT research was to present a comprehensive database of data breaches of personal information. This article identified the top 430 largest data breach incidents among more than 10,000 data breach incidents. The database that was created, shows that the number of data records breached is more than 22 billion.

A Regional Perspective on Payments and Payment Security - A Panel Discussion

Moderated by: Jeremy King, Vice President, Regional Head for Europe, PCI Security Standards Council

Panelists: Nitin Bhatnagar, Associate Director, India, PCI Security Standards Council; Carlos Caetano, Associate Director, LA Region for Brazil, PCI Security Standards Council and Ryoji Ihara, Associate Director, Japan, PCI Security Standards Council

Listen to the PCI SSC Industry Relationship Team discuss how payment security is being addressed around the world.

Conducting Wireless Access Point Detection

Presented by: Joel Weisz, Emerging Standards Manager, PCI Security Standards Council

This session will share an explanation of some of the methods of testing for the presence of wireless access points (802.11) and detecting and identifying all authorized and unauthorized wireless access points.

Cryptographic Device Management Across Multiple Standards

Presented by: Guilherme Scheibe, QSA, PA-QSA, QSA (P2PE), QPA, Managing Consultant, Foregenix Ltd.

Securely managing cryptographic devices is part of most of PCI standards. POIs, HSMs, KLDs and other SCDs require best practices to ensure their security and reliability. We will provide an overview of the main SCD management concepts to be considered from the start and how mismanaging it impacts compliance and security. The presentation will also map the common concepts and practices across the multiple standards and present the differences between them with the specific goals of each one.

How a Large Retailer Manages its PCI DSS Compliance Programme for All Subsidiaries

Presented by: Tomás Perlines, Head of Payment Security, Schwarz IT KG

Schwarz Group is the leading European retailer providing card payments via multiple payment channels throughout its subsidiaries, among them being the retail brands Lidl and Kaufland with more than 12.000 locations. Continuous growth, both organic and via acquisitions, challenge the enforcement of Compliance Programs such as PCI DSS. We will outline how we are able to meet these challenges.

Life After PA-DSS: Important Considerations for Organizations Migrating From PA-DSS to SSF

Presented by: Jake Marcinko, Senior Manager, Emerging Standards, PCI Security Standards Council

Join this session for a detailed review of the key technical and operational differences between PA-DSS, Secure Software, and Secure SLC standards and programs; the impacts those differences may have on organizations as they migrate from PA-DSS to SSF; and the steps organizations should take to ensure a successful transition.

Migrating to AES – Technical Considerations and Best Practices for Migrating to ISO Format 4 to Support AES

Presented by: Ralph Poore, Director, Emerging Standards, PCI Security Standards Council

Join this session to hear technical considerations and best practices for migrating to ISO Format 4 to support AES.

Multi-tenant HSMs Requirements Overview

Presented by: Leon Fell, Director, Solution Standards, PCI Security Standards Council and Ryan Smith, VP, Global Business Development, Futurex

Hear an overview for Multi-tenant HSM as a new approval class in HSM v4 and how it works in practice.

The Changing Dynamics of the Payment World: Mobile Applications

Presented by: Hüseyin Erkılıç, CISSP, CISA, CISM, QSA, ASV, Senior Information Security Consultant, Cyberwise

The session begins with an overview of the impact of the pandemic on the payment industry, followed by a discussion of CPoC, SPoC, Pin on Glass, and Biometric solutions and mobile application card enrollment and authorization process flows, and Mobile Payment Applications Threats. Mr. Erkılıç will conclude with an examination of emerging technologies related to the Payment Industry.

The Evolution of PCI SSC Standards and Programs and the Payments Ecosystem

Presented by: Scott Chambers, Standards Trainer, PCI Security Standards Council and Emma Sutcliffe, Senior Vice President, Standards Officer, PCI Security Standards Council

Join us to learn more about the complex interactions between the PCI Standards and how they are evolving to support the ever-changing world of payments.

Updates on PCI SSC Mobile Security Standards

Presented by: John Markh, Senior Manager, Emerging Standards, PCI Security Standards Council

Join this session to hear about published PCI security standards for mobile payment acceptance channels. Learn what to expect in the future Mobile Payments on COTS - our new, modular, objective-based mobile payment acceptance channel, including timelines, key principles and supported payment acceptance channels.

Uprating Serverless Architectures for Compliance

Presented by: Tim Bannister, PCIP, Consultant, The Scale Factory

Serverless technologies let teams deploy simple components quickly and without worrying about infrastructure details. Cloud service providers solve tricky problems, so you don't have to. Join this session to understand what it takes to move from a deployed cloud-native architecture to running an application workload with demonstrable information security compliance.

Vulnerability Disclosure Programs: A Tale from Both Sides

Presented by: Ken Munro, Founder and Partner, Pen Test Partners

The PCI has required its members to adhere to a Vulnerability Management Program since 2010 but we’re now seeing regulators call for Vulnerability Disclosure Programs (VDPs) across industries. A VDP puts in place procedures to aid the swift resolution of the issue before it becomes known and exploitable. In this session we explore the good and bad elements of a VDP, what NOT to do by citing a recent case study and provide a summary of what we think constitutes an effective disclosure framework.

 

Wednesday, October 27

All events for this day will take place in Japan Standard Time (JST)
Please note: session breakdown times are approximate.
09:00 - 10:00

Vendor Showcase

Visit and chat with our vendors, sponsors, and exhibitors.
Sponsored by

Brand and PCI SSC Offices

Representatives will be available to meet with you and answer questions.
10:00 - 10:10

Welcome Announcements from Emcee: Laura Schwartz

Presented by: Laura Schwartz, Professional Emcee & Keynote Speaker, Television & Media Commentator

10:10 - 10:30

Global Community Forum Kick-off

Presented by: Lance J. Johnson, Executive Director, PCI Security Standards Council

10:30 - 11:10

Connecting in Our Disconnected World: How PCI SSC Has Continued Our Global Mission

Presented by: Troy Leach, Senior Vice President, Engagement Officer, PCI Security Standards Council

Collaborators: Rich Agostino, Senior Vice President and Chief Information Security Officer, Target; Carlos Caetano, Associate Director, LA Region for Brazil, PCI Security Standards Council; Paul Creswick, Security Evangelist, Australian Payments Network; Brandy Cumberland, Director, Program Operations, PCI Security Standards Council; Lindsay Goodspeed, Senior Manager, Corporate Communications, PCI Security Standards Council; Yan Liu, Principal Consultant, atsec Information Security; Ralph Poore, Director, Emerging Standards, PCI Security Standards Council; Travis Powell, Director, Training Programs, PCI Security Standards Council; Candice Pressinger, BA Hons, MSc, GDPR Practit., Director Customer Data Security, Elavon; Jim Reavis, Co-founder and CEO, Cloud Security Alliance; Elizabeth Terry, PMP, CISSP, CBSA, PCIP, Senior Manager, Community Engagement, PCI Security Standards Council; Giles Witherspoon-Boyd, PCI Security Program Manager Principal, Credian and Kandyce Young, Standards Development Manager, Data Security Standards, PCI Security Standards Council

Despite the challenges of remote engagement, our community has been as busy as ever developing standards, education and connecting with one another.  Don’t miss this session where Troy Leach is joined by several of PCI SSC’s active collaborators from all over the world. Hear about new projects set to launch as well as updates on Council and industry efforts already underway and how you can become more involved in this active collaboration to protect payments globally.
Sponsored by
11:10 - 11:45

Regional Keynote: How Technologies Like AI Are Reshaping the Future of Payments

Presented by: Dr. Ayesha Khanna, Co-Founder and CEO, ADDO AI

Artificial intelligence is increasingly being used to streamline, automate and enhance digital payments. With a world moving increasingly towards omni-channel digital payments after Covid-19 and cyberattacks at an all-time high, AI offers a new way to counter digital threats effectively. Dr. Ayesha Khanna discusses exciting ways in which AI is disrupting the industry and paving the way for new technologies like quantum computing in payments.
11:45 - 12:00

Wellness Break

12:00 - 12:45

LIVE Conversations with the Council

Join PCI SSC staff to discuss some of the payment card industry’s hottest topics, listed below. Be sure to arrive early as space is limited and based on a first-come, first-serve basis.
  • Current and Future Threats, with Mike Thompson- Potential topics to be discussed may include but are not limited to: Ransomware, Malware, Phishing, and more.
  • Future of Information Security, with Andrew Jamieson- Potential topics to be discussed may include but are not limited to: Remote Assessments, Cryptography, Centralized Security vs “Zero Trust”, Cloud Security and Cloud HSMs, and more.
  • Future of Payment Security, with John Markh- Potential topics to be discussed may include but are not limited to: Mobile/MPOC, Payments everywhere (IoT, cars, etc.), 8 digit BIN, tokenization, and more.
12:45 - 13:45

Brand and PCI SSC Offices

Representatives will be available to meet with you and answer questions.

Vendor Showcase

Visit and chat with our vendors, sponsors, and exhibitors.
Sponsored by
13:45 - 13:55

An Interview with PCI SSC's Lance J. Johnson

Presented by: Lance J. Johnson, Executive Director, PCI Security Standards Council and Laura Schwartz, Professional Emcee & Keynote Speaker, Television & Media Commentator

13:55 - 14:20

PCI DSS v4.0 A Preview of Coming Attractions

Presented by: John Bloomfield, Standards Development Manager, Data Security Standards, PCI Security Standards Council and Lauren Holloway, Director, Data Security Standards, PCI Security Standards Council

Join Lauren Holloway and John Bloomfield to learn about what’s coming with v4.0, get a sneak peek into some new PCI DSS requirements, and see how the Report on Compliance Template, Attestations of Compliance, and merchant self-assessment approach are evolving.
Sponsored by
14:20 - 15:15

Global Keynote: Facing Adversity with Optimism and Resilience

Presented by: J.R. Martinez, wounded U.S. Army veteran, bestselling author, actor, speaker and advocate

None of us knows what we're capable of until we're faced with a tough or unexpected challenge. Often this means having to adjust your dream or vision and sometimes event to create an entirely new goal. It can also mean getting through a tough time a week, day, hour or even minute at a time. By focusing on shorter term goals and keeping optimism (and even humor) at the forefront, your entire outlook and perspective can be transformed. We are all stronger and more resilient than we think. In facing challenges and recovering from setbacks, we have new opportunities to develop the unique gifts that have been given to us. It's about being able to become more what you can envision at the moment.
15:15 - 16:15

Vendor Showcase

Visit and chat with our vendors, sponsors, and exhibitors.
Sponsored by

PCI SSC Office Hours

Representatives will be available to meet with you and answer questions.

Regional On-Demand Sessions and Tech Demos released after 16:00 (available for approximately 3 weeks)

Content Disclaimer: The views and opinions expressed in external presentations are those of the external presenters and do not necessarily reflect the official standards or position of the PCI Security Standards Council.

Tech Demos

Sponsored by

SISA: SISA RADAR Data Discovery & Classification Tool

Presented by: Aurobinda Patra, Solution Architect, Business Unit Head of Cyber Security Products, SISA

SISA Radar, a data discovery tool, identifies sensitive data and enables users to analyze, track, and report on file content. It provides a remediation interface, reducing time and effort to comply with PCI and PII data regulations.

Total Compliance Tracking: Managing Compliance Should Be Easier

Presented by: Todd Coshow, Head of Business Development, Total Compliance Tracking and Jon Dotson, Head of Product, Total Compliance Tracking

Total Compliance Tracking's real-time compliance management software takes the chaos out of the audit process to help companies complete one or many audits with clarity and clear communication between all stakeholders.

A Regional Perspective on Payments and Payment Security - A Panel Discussion

Moderated by: Jeremy King, Vice President, Regional Head for Europe, PCI Security Standards Council

Panelists: Nitin Bhatnagar, Associate Director, India, PCI Security Standards Council; Carlos Caetano, Associate Director, LA Region for Brazil, PCI Security Standards Council and Ryoji Ihara, Associate Director, Japan, PCI Security Standards Council

Listen to the PCI SSC Industry Relationship Team discuss how payment security is being addressed around the world.

Conducting Wireless Access Point Detection

Presented by: Joel Weisz, Emerging Standards Manager, PCI Security Standards Council

This session will share an explanation of some of the methods of testing for the presence of wireless access points (802.11) and detecting and identifying all authorized and unauthorized wireless access points.

Migrating to AES – Technical Considerations and Best Practices for Migrating to ISO Format 4 to Support AES

Presented by: Ralph Poore, Director, Emerging Standards, PCI Security Standards Council

Join this session to hear technical considerations and best practices for migrating to ISO Format 4 to support AES.

Life After PA-DSS: Important Considerations for Organizations Migrating From PA-DSS to SSF

Presented by: Jake Marcinko, Senior Manager, Emerging Standards, PCI Security Standards Council

Join this session for a detailed review of the key technical and operational differences between PA-DSS, Secure Software, and Secure SLC standards and programs; the impacts those differences may have on organizations as they migrate from PA-DSS to SSF; and the steps organizations should take to ensure a successful transition.

Payment Security for IoT, 5G, and Other Emerging Technology

Presented by: Kaushik Pandey, CISM, CRISC, QSA, PMP, CDPSE ISO27, Consultant, SISA

Technological advancements that have enhanced payment options for consumers have also expanded the attack surface. Therefore, security professionals and industry regulators are working diligently to ensure payments security as businesses adopt innovation in digital payments. In this session, SISA will present both sides of the story by mapping closely the following (but not limited to): Digital wallets, usage of IoT, dockers and containers, cloud infrastructure and blockchain.

Multi-tenant HSMs Requirements Overview

Presented by: Leon Fell, Director, Solution Standards, PCI Security Standards Council and Ryan Smith, VP, Global Business Development, Futurex

Hear an overview for Multi-tenant HSM as a new approval class in HSM v4 and how it works in practice.

Practical ways to Shift Left for Security and Compliance

Presented by: Zeal Somani, QSA, Security Solutions Manager, Google and Ann Wallace, ISA, Security Solutions Manager, Google

In this session, we will discuss how to use threat modeling and security tests earlier in the software development lifecycle to help ensure “continuous security and compliance.” Then, we will address how your devops teams can declare certain PCI DSS compliance outcomes or policies in the code. We will share thoughts on how to build a known good state of your cloud-native infrastructure and use automation to detect and alert on security and compliance drifts.
Sponsored by

Technical Challenges in Designing CPoC and SPoC Solutions

Presented by: David McGregor, Lab Manager, PCI Accredited Lab, UL

After evaluating a number of CPoC and SPoC solutions, UL has observed a number of common issues. This talk discusses some of the more problematic SPoC/CPoC requirements and potential solutions.
  • Application layer cryptography, not relying upon TLS
  • Key provisioning using forward secrecy
  • Key storage and processing
  • Local vs. remote attestation
  • Random number generation
  • Detecting ADB and developer options

The Future of Cybersecurity from Hackers' Perspective: "Think Bad. Do Good." A Threat-driven Defense Approach to Cloud Security

Presented by: Pak Ho Chan, Group Assessment & Assurance Lead, Thales Transport & Security (Hong Kong) Ltd. and Nicole Wong, CISSP, CISA, GXPN, GPEN, GDAT, PCI QSA, Principal Consultant, Thales Transport & Security (Hong Kong) Ltd.

In recent years, the layer of defense approach has been adopted in various corporations. However, cyberattacks still occur as a result of data breaches and critical infrastructure intrusion. Due to the pandemic crisis, more and more organizations accelerated the Cloud adoption plan to increase corporations' capacities without investing in hardware and physical facilities. Nevertheless, most organizations still use the same approach as traditional on-premise infrastructure to implement security controls on the Cloud. This session will provide attendees with an overview of the trend and modern technologies that could compromise various Cloud services and infrastructure. Additionally, illustrate how to utilize PCI DSS as a foundation to define what to do for implementing a threat-driven approach on the Cloud, which can eventually identify and fix the weaknesses as well as detect the attacks for securing the services and resources in your cloud environment from cyber-attacks.

The Evolution of PCI SSC Standards and Programs and the Payments Ecosystem

Presented by: Scott Chambers, Standards Trainer, PCI Security Standards Council and Emma Sutcliffe, Senior Vice President, Standards Officer, PCI Security Standards Council

Updates on PCI SSC Mobile Security Standards

Presented by: John Markh, Senior Manager, Emerging Standards, PCI Security Standards Council

Join this session to hear about published PCI security standards for mobile payment acceptance channels. Learn what to expect in the future Mobile Payments on COTS - our new, modular, objective-based mobile payment acceptance channel, including timelines, key principles and supported payment acceptance channels.

The Migration to 8-digit BIN - A Paradigm Shift! A Disruptive Change?

Presented by: Pratik Mehta, ISO 2700LA, Regional Manager of Business Development and Strategy, Crossbow Labs LLP and Nivedita Sharma, ISO 27001LA, Associate Business Manager, Crossbow Labs, LLP

We have all read and heard about the migration to 8-digit BIN, but did we really apply it to the current payment card ecosystem? If not, get an overview of what is in store when the 8-digit BIN replaces the scarce 6-digit BIN, come April 22—about a year from now.
16:34 - 16:35

 

What a Solid Vulnerability Program Should Look Like

Presented by: Brian Odian, CISM, CRISC, QSA, PMP, CDPSE ISO27, Director GCRS Asia Pacific, SecureTrust

Whether it be vulnerability scanning, penetration testing, red teaming, purple teaming, patch management, or even secure coding, faster and cheaper doesn’t lead to a secure outcome. How do you build a solid and managed program with SMART metrics that not only supports timely incident management and prevention, but also one that supports the story behind your required resources to executive leadership.

Thursday, October 28

All events for this day will take place in Eastern Daylight Time (EDT)
Please note: session breakdown times are approximate.
9:00 AM - 10:00 AM

Vendor Showcase

Visit and chat with our vendors, sponsors, and exhibitors.
Sponsored by

Brand and PCI SSC Offices

Representatives will be available to meet with you and answer questions.
10:00 AM - 10:10 AM

Welcome Announcements from Emcee: Laura Schwartz

Presented by: Laura Schwartz, Professional Emcee & Keynote Speaker, Television & Media Commentator

10:10 AM - 10:30 AM

Global Community Forum Kick-off

Presented by: Lance J. Johnson, Executive Director, PCI Security Standards Council

10:30 AM - 11:10 AM

Connecting in Our Disconnected World: How PCI SSC Has Continued Our Global Mission

Presented by: Troy Leach, Senior Vice President, Engagement Officer, PCI Security Standards Council

Collaborators: Rich Agostino, Senior Vice President and Chief Information Security Officer, Target; Carlos Caetano, Associate Director, LA Region for Brazil, PCI Security Standards Council; Paul Creswick, Security Evangelist, Australian Payments Network; Brandy Cumberland, Director, Program Operations, PCI Security Standards Council; Lindsay Goodspeed, Senior Manager, Corporate Communications, PCI Security Standards Council; Yan Liu, Principal Consultant, atsec Information Security; Ralph Poore, Director, Emerging Standards, PCI Security Standards Council; Travis Powell, Director, Training Programs, PCI Security Standards Council; Candice Pressinger, BA Hons, MSc, GDPR Practit., Director Customer Data Security, Elavon; Jim Reavis, Co-founder and CEO, Cloud Security Alliance; Elizabeth Terry, PMP, CISSP, CBSA, PCIP, Senior Manager, Community Engagement, PCI Security Standards Council; Giles Witherspoon-Boyd, PCI Security Program Manager Principal, Credian and Kandyce Young, Standards Development Manager, Data Security Standards, PCI Security Standards Council

Despite the challenges of remote engagement, our community has been as busy as ever developing standards, education and connecting with one another.  Don’t miss this session where Troy Leach is joined by several of PCI SSC’s active collaborators from all over the world. Hear about new projects set to launch as well as updates on Council and industry efforts already underway and how you can become more involved in this active collaboration to protect payments globally.
Sponsored by
11:10 AM - 11:50 AM

Regional Keynote: How I Would Hack You & How to Stop Me

Presented by: Rachel Tobac, Hacker and CEO, SocialProof Security

It only takes 1 email, a 30 second call, or 1 social media DM for her to hack you and gain access to your money, data, and systems. Meet Rachel Tobac, who executes these social engineering attacks for a living and uses her real-life ethical hacking stories to keep orgs up to date on the methods criminals are using to trick people. She'll break down recent cyber attacks in the news, how the pandemic has changed the hacker playbook, and how to defend against the latest manipulation methods. Her tales from the field and live hacking demonstrations throughout the presentation are sure to keep you and your team "politely paranoid" to catch the next human hacker in the act.
Sponsored by
11:50 AM - 12:05 PM

Wellness Break

12:05 PM - 12:50 PM

LIVE Conversations with the Council

Join PCI SSC staff to discuss some of the payment card industry’s hottest topics, listed below. Be sure to arrive early as space is limited and based on a first-come, first-serve basis. ​
  • Current and Future Threats, with Tim Cormier, Doug Manchester- Potential topics to be discussed may include but are not limited to: Ransomware, Malware, Phishing, and more.
  • Future of Information Security, with Lauren Holloway- Potential topics to be discussed may include but are not limited to: Remote Assessments, Cryptography, Centralized Security vs “Zero Trust”, Cloud Security and Cloud HSMs, and more
  • Software, with Jake Marcinko- Potential topics to be discussed may include but are not limited to: Adoption of the Software Security Framework, Migration from Hardware to Software, and more.
  • Future of Payment Security, with John Markh, Leon Fell- Potential topics to be discussed may include but are not limited to: Mobile/MPOC, Payments everywhere (IoT, cars, etc.), 8 digit BIN, tokenization, and more.
  • How to make the most of your PCI SSC Engagement, with Elizabeth Terry, Travis Powell, Josh Koepsell, Marc Bayerkohler- Are you utilizing all of your benefits? What is your understanding the various programs? Any and all general PCI SSC questions can be discussed here.
12:50 PM - 1:50 PM

Brand and PCI SSC Offices

Representatives will be available to meet with you and answer questions.

Vendor Showcase

Visit and chat with our vendors, sponsors, and exhibitors.
Sponsored by
1:50 PM - 2:00 PM

An Interview with PCI SSC's Lance J. Johnson

Presented by: Lance J. Johnson, Executive Director, PCI Security Standards Council and Laura Schwartz, Professional Emcee & Keynote Speaker, Television & Media Commentator

Sponsored by
2:00 PM - 2:25 PM

PCI DSS v4.0 A Preview of Coming Attractions

Presented by: John Bloomfield, Standards Development Manager, Data Security Standards, PCI Security Standards Council and Lauren Holloway, Director, Data Security Standards, PCI Security Standards Council

Join Lauren Holloway and John Bloomfield to learn about what’s coming with v4.0, get a sneak peek into some new PCI DSS requirements, and see how the Report on Compliance Template, Attestations of Compliance, and merchant self-assessment approach are evolving.
Sponsored by
2:25 PM - 3:20 PM

Global Keynote: Facing Adversity with Optimism and Resilience

Presented by: J.R. Martinez, wounded U.S. Army veteran, bestselling author, actor, speaker and advocate

None of us knows what we're capable of until we're faced with a tough or unexpected challenge. Often this means having to adjust your dream or vision and sometimes event to create an entirely new goal. It can also mean getting through a tough time a week, day, hour or even minute at a time. By focusing on shorter term goals and keeping optimism (and even humor) at the forefront, your entire outlook and perspective can be transformed. We are all stronger and more resilient than we think. In facing challenges and recovering from setbacks, we have new opportunities to develop the unique gifts that have been given to us. It's about being able to become more what you can envision at the moment.
3:20 PM - 4:20 PM

Vendor Showcase

Visit and chat with our vendors, sponsors, and exhibitors.
Sponsored by

PCI SSC Office Hours

Representatives will be available to meet with you and answer questions.
4:20 PM - 5:05 PM

Trivia

Join us for this fun and fast-paced game where we’ll test your skills in a trivia challenge hosted by our event emcee, Laura Schwartz. From pop-culture, to sports, history, and even some PCI SSC knowledge, we’ll see who rises to the top. Not only do you get points for answering correctly, but the quicker you answer, the more points you get. Prizes awarded for the top 3 participants include a pair of headphones, an Amazon gift card, and a drone! Have your smartphones charged and ready!
Sponsored by

Regional On-Demand Sessions and Tech Demos released after 4:00 PM (available for approximately 3 weeks)

Content Disclaimer: The views and opinions expressed in external presentations are those of the external presenters and do not necessarily reflect the official standards or position of the PCI Security Standards Council.

Tech Demos

Sponsored by

HackEDU: How To Use Your Vulnerabilities To Train Your Developers on Security

Presented by: Jared Ablon, CEO, HackEDU

Can vulnerabilities be used for good? Learn how to use vulnerabilities found in developers code to create secure coding training plans that are tailored specifically to them. This demo will show you how it works.

A-LIGN: Expedite PCI DSS Compliance With A-LIGN’s Audit Management Platform, A-SCEND

Presented by: John Baughman, Solutions Advisor, A-LIGN and Dustin Rich, PCI DSS Practice Lead, A-LIGN

Learn how you can streamline the audit process, centralize evidence collection, standardize compliance requests, and improve productivity with the help of technology on your next PCI DSS audit.

Servadus: Vulnerability Lifecycle Management

Presented by: Ron Tosto, Chief Executive Officer, Servadus

The Servadus tech demo will focus on the how to properly use the Qualys ASV tools, reading the reports, and coordinating remediation of the findings prior to retesting to maintain security and compliance.

PKWare: Productivity Protected

Presented by: EJ Pappas, Managing Director of Strategic Accounts, PKWARE

PKWARE offers data discovery and protection that locates and secures sensitive data to minimize organizational risks and costs, regardless of device/environment. Gain visibility and control for PCI compliance, even in complex environments.

A Regional Perspective on Payments and Payment Security - A Panel Discussion

Moderated by: Jeremy King, Vice President, Regional Head for Europe, PCI Security Standards Council

Panelists: Nitin Bhatnagar, Associate Director, India, PCI Security Standards Council and Ryoji Ihara, Associate Director, Japan, PCI Security Standards Council

Listen to the PCI SSC Industry Relationship Team discuss how payment security is being addressed around the world.

Beyond the Scanner: How Relying on Vulnerability Scanners Leaves You Open to Breach

Presented by: Boyd Clewis, CISSP, CISA, CCSK, PCIP, Vice President, Baxter Clewis Consulting

Vulnerability scanning is not a vulnerability management program. Too many companies believe that relying on this critical step is the end of their search for security risks. In this presentation, Boyd Clewis uses his extensive knowledge as a cybersecurity expert and former QSA to break down how vulnerability scans are leaving your systems exposed and key steps to take to fill the security gaps.

Considerations for Secure Product Development

Presented by: Dick Hacking, QSA, CISM, CISA, Principal Security Analyst, Truvantis, Inc.

Developed for both product management and software design teams, this talk introduces all the aspects that need to be considered for the whole lifecycle of a secure and privacy-compliant product. It is informed by the many omissions and gaps seen during implementation and support of both the computers themselves and the applications deployed to them.

Conducting Wireless Access Point Detection

Presented by: Joel Weisz, Emerging Standards Manager, PCI Security Standards Council

This session will share an explanation of some of the methods of testing for the presence of wireless access points (802.11) and detecting and identifying all authorized and unauthorized wireless access points.

DIY D&I with PCI: Do-It-Yourself Cybersecurity Diversity & Inclusion

Presented by: Ed Adams, CEO, Security Innovation Inc. and Director, Cyversity (formerly ICMCP) and Sherron Burgess, SVP, CISO, BCD Travel and VP & Director, Cyversity (formerly ICMCP)

The need for cybersecurity talent has never been greater, yet women and minorities are still dramatically under-represented. This presentation discusses effective workforce planning with a particular focus on solving those two pervasive problems. We show a practical, effective approach to address both. We also share case studies of people who have successfully built diversity and inclusion (D&I) programs in cybersecurity at globally recognized organizations.

Investing in the Future and Paving the Way to Further Security in Payments - A Panel Discussion

Moderated by: Tanya Deen, CISSP, ISA, Director, Information Security, Global Payments Inc.

Panelists: Casal (CJ) Henry, MSIT, MBA, CSCT, CCFE, Director, Information Security, Global Payments Inc.; Stacy Hughes, CPA, CITP, CRISC, CISM, Chief Information Security Officer, Global Payments Inc.; Mike Kane, VP, Global Security Operations Management, Global Payments Inc. and Matthew Warner-McKinley, Information Security Analyst II, Global Payments Inc.

The payments industry will always be plagued by cyberattacks and we will always look for ways to combat them. People are our greatest defense. Join us for a panel discussion on investing in the future of payment security while also giving back to your community, driving greater diversity, and attracting the next generation of cybersecurity professionals. We will discuss experiences from addressing the gap between theoretical knowledge and industry application of cybersecurity practices.

Life After PA-DSS: Important Considerations for Organizations Migrating From PA-DSS to SSF

Presented by: Jake Marcinko, Senior Manager, Emerging Standards, PCI Security Standards Council

Join this session for a detailed review of the key technical and operational differences between PA-DSS, Secure Software, and Secure SLC standards and programs; the impacts those differences may have on organizations as they migrate from PA-DSS to SSF; and the steps organizations should take to ensure a successful transition.

Leveraging Changes in P2PE v3 to Solve Solution Provider Challenges

Presented by: Brandon Audisio, Director of Product Engineering, POS Portal, A ScanSource Company; Melissa Medeiros, Security Product Development Manager, Global Payments Inc. and Sam Pfanstiel, QSA (P2PE), QPA, SSF SSA, SSLCA, Director, Security Consulting Services, Viking Cloud

Implementing P2PE can be difficult for any organization but bringing legacy processes and systems into P2PE compliance can be especially challenging. In this session, hear from processing experts on how they empowered their teams to leverage changes to P2PE v3 to overcome unique challenges. This case study will take you into a virtual whiteboarding session where product, infrastructure, and encryption teams discuss how program changes helped them integrate disparate systems in this solution.
Sponsored by

Migrating to AES – Technical Considerations and Best Practices for Migrating to ISO Format 4 to Support AES

Presented by: Ralph Poore, Director, Emerging Standards, PCI Security Standards Council

Join this session to hear technical considerations and best practices for migrating to ISO Format 4 to support AES.

Magecart and Formjacking Threats - Ensuring Website Protection and PCI Compliance

Presented by: Matt McGuirk, Solution Architect, Source Defense

Magecart, an umbrella term for dozens of criminal groups that place skimming code in the Javascript of websites to intercept data typed into forms, is one of the leading threats facing e-commerce today. The client-side browser is the front door for interaction with customers and their data but can also be an open door for hackers to explore attack vectors like the aforementioned Magecart and formjacking. The world is under more pressure than ever to keep online engines running properly.

Mitigating Common Risks in e-commerce with SSF

Presented by: Flavio Bonfiglio Sorans, QSA, Head of PCI Software Security Framework, Foregenix Ltd. and Matt Southworth, VP, Security Engineering, Priceline

During this presentation with Priceline, an e-commerce industry leader, Matt and Flavio will discuss software security and challenges of implementing protection mechanisms to e-commerce's common and current risks scenarios and how the Software Security Framework provides help mitigating them.

Multi-tenant HSMs Requirements Overview

Presented by: Leon Fell, Director, Solution Standards, PCI Security Standards Council and Ryan Smith, VP, Global Business Development, Futurex

Hear an overview for Multi-tenant HSM as a new approval class in HSM v4 and how it works in practice.

Pandemic Lessons from the “People" Component of PCI DSS Compliance

Presented by: Ralph Villanueva, PCIP, CISA, CISM, ISO 27001LA, IT Compliance Analyst, Diamond Resorts

Mr. Villanueva will discuss the "people" aspect of PCI DSS compliance during the pandemic, the lessons learned from his and his peers' successes and failures in enforcing PCI-DSS v3.2.1 requirements, and insights gained which can be used in planning for future business disruptions.

PCI Complexities within a University Setting

Presented by: Kevin Doar, CISA, CIA, ISA, Director, Office of Merchant Services, University of Washington

The complexities of managing PCI Compliance within a university setting are incredibly challenging. This session will explore the unique challenges a university faces within the PCI world.

PCI Compliance in the Cloud - Practical Guidance for QSAs and ISAs

Presented by: Sheryl Benedict, QSA, Principal Consultant, Foregenix Ltd. and Brian Willis, QSA, ISA, Senior Manager, LBMC

Ms. Benedict and Mr. Willis will review the basics of cloud architecture and security components, then, with the help of real-world examples, discuss the opportunities and challenges of applying the PCI DSS Requirements to cloud services. This knowledge is applicable to external and internal assessors, as well as merchants and service providers who utilize or are considering cloud services.

The Evolution of PCI SSC Standards and Programs and the Payments Ecosystem

Presented by: Scott Chambers, Standards Trainer, PCI Security Standards Council and Emma Sutcliffe, Senior Vice President, Standards Officer, PCI Security Standards Council

Join us to learn more about the complex interactions between the PCI Standards and how they are evolving to support the ever-changing world of payments.

 

Updates on PCI SSC Mobile Security Standards

Presented by: John Markh, Senior Manager, Emerging Standards, PCI Security Standards Council

Join this session to hear about published PCI security standards for mobile payment acceptance channels. Learn what to expect in the future Mobile Payments on COTS - our new, modular, objective-based mobile payment acceptance channel, including timelines, key principles and supported payment acceptance channels.