Join us for two days of discovery, updates and insights from members of the Council, regional community figures and merchants.

Registration Now Open
  • Wednesday, 20 Nov
  • Thursday, 21 Nov

Wednesday, 20 NovemberAll sessions will take place in Melbourne Room 2

7:30 - 9:00

Networking Breakfast and Vendor Showcase

Melbourne Room 1
9:00 - 9:30

Opening Remarks: Collaboration and Community - Working Together to Secure Payment Data

Presented by: Lance J. Johnson, Executive Director, PCI Security Standards Council

A brief overview on how the community is coming together in many ways on many levels to build a secure future of payments. You will also hear important information about the event and all that is in store. Learn how to make the most of your time while in Melbourne.
9:30 - 10:15

PCI SSC Turns 13: What's Ahead

Presented by: Troy Leach, Chief Technology Officer, PCI Security Standards Council

Reflecting on the changes in payments over our history that has influenced upcoming standards such as DSS v4.0, Software Security Framework and the PCI SSC’s new engagement model.
10:15 - 10:45

Networking Break and Vendor Showcase

Melbourne Room 1
10:45 - 11:30

Understanding PCI DSS 4.0

Presented by: Emma Sutcliffe, Senior Director, Data Security Standards, PCI Security Standards Council

PCI DSS v4 is anticipated to introduce new requirements and new approaches to validation to accommodate the evolving payments environment. Join us to hear about these changes and how you can participate in the upcoming feedback period.
11:30 - 12:00

Securing Emerging Payment Channels: Mobile Payment Acceptance

Presented by: Troy Leach, Chief Technology Officer, PCI Security Standards Council

Join this session to hear about timelines, key principles and high-level architecture of the security standards for mobile payment acceptance channels (SPoC and CPoC). Learn what to expect in future revision of SPoC and how you can participate
12:00 - 12:30

Software Security Framework Roadmap for 2019 and Beyond

Presented by: Emma Sutcliffe, Senior Director, Data Security Standards, PCI Security Standards Council

Join PCI SSC to hear about the Software Security Framework to learn how the two standards within the framework work together and the impact on participants in the SSF program and the PA-DSS Program. You will also hear how the SSF may benefit your organization through use cases that highlight the interaction between the two standards. Finally, next steps for the framework in 2019 and beyond will be discussed.
12:30 - 13:30

Networking Lunch and Vendor Showcase

Melbourne Room 1
13:30 - 14:00

The Future of Cyber Security from Hackers Perspective: Building a Forensically Sound Environment Using PCI DSS

Presented by: Pak Ho Chan, TVM/PCI Practice Manager / Principal Consultant, THALES and Nicole Wong, PCI QSA, CISSP, CISA, GIAC Penetration Tester (GPEN), Principal Consultant, THALES

Transform your business in the new era of cyber security through the eyes of hackers. This session will give the audience an overview of several recent hacking cases, the lessons learned from common failed controls, and the detection of and response to critical controls failure with reference to PCI DSS. Additionally, this session will highlight how PCI DSS as a practical approach can build a forensically sound environment that protects businesses from ever-evolving threats and attacks.
14:00 - 14:30

Managing Security Challenges Across a Diverse Multi-National Payment Eco-System

Presented by: Thanut Pimhataivoot, PCI ISA, PCIP, ISMS PA, CISSP, Asst. Manager, IT Compliance and Audit, NTT DATA (Thailand) Co., Ltd.

Advancement in payment technology enables the payment service to go across traditional borders such as culture, nation and platform. With such diversity, payment security becomes more complicated. This session will show case how and what an organization can do to manage the security of such diverse eco-system including correlation with multiple countries and local regulations, consideration for cutting edge payment technologies, cultural gaps, and foresight into future changes and trends.
14:30 - 15:00

Networking Break and Vendor Showcase

Melbourne Room 1
15:00 - 15:30

Australia's Payment Systems in 2029 - Implications for Cards and Security

Presented by: Andy White, CEO, Australian Payments Network (AusPayNet)

15:30 - 16:00

Card Data Breaches in eCommerce – Cart Jacking

Presented by: John Rundell, QSA, CISM, FCPA, FCA, Managing Director, Stratica

This session will discuss a case study showing how ecommerce data breaches have evolved over the last 5 years. As retail moved online, how do we build awareness of the risks in open source and PHP developed sites? The risks with different platforms such as Magento etc.
16:00 - 16:30

A PCI Walk in the Clouds

Presented by: Yan Liu, Principal Consultant, atsec (Beijing) information Technology Co., Ltd and Todd Xie, Principal Consultant, atsec (Beijing) information Technology Co., Ltd

This presentation provides analysis on cloud payment (SAAS) products offered by CSPs and the cloud-based payment services (IAAS based) provided by payment service providers. Their inherent security risks will be elaborated to help developing necessary security controls for CSPs. Through a case study on Tencent Financial Cloud, the applicability of PCI DSS requirements and its challenges will be discussed.
16:30 - 18:00

Networking Reception and Vendor Showcase

Melbourne Room 1

Sponsored by

Thursday, 21 NovemberAll sessions will take place in Melbourne Room 2

7:30 - 9:00

Networking Breakfast and Vendor Showcase

Melbourne Room 1
9:00 - 9:15

Welcome Remarks

Presented by: Lance J. Johnson, Executive Director, PCI Security Standards Council

9:15 - 10:15

Keynote: Cyber Security - Building Cyber Resilience in Australia

Presented by: David Irvine, Retired Director General, Australia Security Intelligence Organisation (ASIO)

The threat (burning platform) and building greater cyber resilience.Cyber attack is a threat to our national security, to our privacy and to our hip pockets. It targets governments, enterprises and individuals. The same cyber-attack tools available to nation states are available to individuals, both organised crime and recreational hackers. While Australian boards and senior management are increasingly aware of the threat cybercrime presents to their bottom line, many are still coming to terms with how to approach this new vector of enterprise risk. David Irvine suggests how boards and managers can tackle this problem – and how the private sector and government need to work together to protect.
10:15 - 10:45

Networking Break and Vendor Showcase

Melbourne Room 1
10:45 - 11:15

PCI Approved; Really?

Presented by: Sajal Islam, PhD, CISSP, CISA, QSA, P2PE QSA, Audit Manager, UL

PCI approved terminals and solutions go through rigorous security evaluation by PCI SSC approved PTS/SPoC labs. The main objective is to ensure sensitive account data is protected using industry accepted and validated security mechanisms. Often, how these security mechanisms are used effectively in the field to complement PCI DSS compliance is not well understood. Come along to get a PTS/SPoC lab and QSA perspective, so that you can use the full security benefits of a PCI-approved terminal/solution.
11:15 - 11:45

Threat Landscape and Breach Investigation Insights

Presented by: Raymond Simpson, QSA, PA-QSA, CISSP, C|CISO, Managing Director, Foregenix

In this presentation, we will examine the threat landscape by looking at findings from regional reviews and breach investigations and identify the core elements of breakdown resulting in loss. Additionally, we will discuss failure findings and identify what elements continuously hamper efforts in achieving security and compliance. Finally, we will define key elements that are critical to successful Incident Response Planning.
11:45 - 12:15

Learning from PFI Investigations

Presented by: Gareth Bowker, Director of Privacy and Information Security, PCI Security Standards Council

Learning from analysis of PFI investigations about what is most often identified as causing or contributing to cardholder data breaches.
12:15 - 12:45

Making a Global Impact with PCI SSC: How You Can Get Involved and Resource Overview

Presented by: PCI Security Standards Council

Attend this sesion to hear about everything that PCI SSC has to offer you and your organization so you can help secure payment data. We will also share all the ways you can be more involved with PCI SSC.
12:45 - 12:50

Closing Remarks

Presented by: Lance J. Johnson, Executive Director, PCI Security Standards Council