Join us for four days of learning, discovery, updates from the Council, regional community speakers, merchants, industry experts, and more.

The PCI SSC 2020 North America Community Meeting Call for Speakers has Closed.

All session times are in Eastern Standard Time.

Agenda times are subject to change.

All presentations will be available in the General Session. On-Demand content will be released immediately following the Community Experience each day. Attendees can access sessions by navigating to the “Filter By” drop down menu and searching by content type.

  • Tuesday 6 October
  • Wednesday 7 October
  • Thursday 8 October
  • Friday 9 October

Tuesday 6 October

Morning Main Sessions

11:00 AM - 11:05 AM

Opening Remarks and Overview

Presented by: Katty Kay, Lead Anchor, BBC World News America

11:05 AM - 11:30 AM

Community Meeting Kick-off

Presented by: Lance J. Johnson, Executive Director, PCI Security Standards Council

11:30 AM - 12:00 PM

PCI DSS v4.0 – Part 1: Evolving Through the Power of Feedback

Presented by: Lauren Holloway, Director, Data Security Standards, PCI Security Standards Council and Emma Sutcliffe, SVP, Standards Officer, PCI Security Standards Council

Join PCI Council leaders to hear the latest on PCI DSS v4.0, including key insights into how feedback from the last RFC has helped shape and evolve the draft for the upcoming RFC.  
Sponsored by
12:00 PM - 12:10 PM

Wellness Break - Take a moment to get up from your computer, refill your water, stretch your legs, do what you need to do to recharge.

12:00 PM - 1:00 PM

Vendor Showcase

Visit and chat with our vendors, sponsors, and exhibitors.
Sponsored by

Brand and PCI SSC Offices

Representatives will be available to meet with you and answer questions.
1:00 PM - 1:30 PM

Community Experience - Located in the Community Café

Cooking, Cocktails, or Yoga

Get your ingredients ready and attend a cooking demonstration where you will make Chili Con Carne.

Attendees can follow along to create three delicious cocktails including an Old Fashioned, Classic Margarita, and Rum Runner.

Stretch both the mind and body with some relaxing and mindful stretches.

Sessions are pre-recorded.

Sponsored by

On-Demand Sessions - Will be released on the platform immediately following the Café Experience.

Content Disclaimer: The views and opinions expressed in external presentations are those of the external presenters and do not necessarily reflect the official standards or position of the PCI Security Standards Council.

Building a Continuous Risk Assessment Pipeline in DevOps

Presented by: Jake Marcinko, Senior Manager, Emerging Standards, PCI Security Standards Council and Altaz Valani, Director, Insights Research, Security Compass

In a DevOps world, we talk about "continuous everything". This means continuous risk management, continuous compliance, continuous security, continuous integration, continuous deployment, and so on. In this context, I will demonstrate how to construct a continuous risk artifact fabric from the generation of security policies to software development execution. I will show how this can be used to provide risk insights to various business/technical stakeholders across an Enterprise DevOps pipeline.

Challenges of Implementing a New Standard – A Panel Discussion

Moderated by: Tom White, Training Content Manager, PCI Security Standards Council

Panelists: Tanya Deen, Director, External Compliance, Global Payments and Nick Trenc, SSLCA, SSA, SSF, P2PE, PIN, Director, Coalfire

Join us for a panel discussion where we talk about the challenges of implementing a new standard in a large complex environment where Payment and Software Security is core to everything, at at time when the world is in lockdown.

Cloud Initiatives and Efforts

Presented by: Zeal Somani, ISA, Security and Compliance Specialist, Google and Mike Thompson, Senior Manager, Emerging Standards, PCI Security Standards Council

Join this session to walk through cloud-based initiatives and efforts currently in progress at the PCI Council.

Making PCI DSS Compliance Cloud-Native

Presented by: Travis Powell, Director, Training Programs, PCI Security Standards Council; Zeal Somani, ISA, Security and Compliance Specialist, Google and Ann Wallace, ISA, Security Solutions Manager, Google

In this talk, we’ll cover how to use cloud-native tools to meet several compliance requirements for PCI DSS as you migrate or modernize with cloud-native technologies such as containers. The security risk per component reduces with containers, however, meeting regulatory and compliance requirements are still the top concerns due complicated threat vectors. In this session, we will talk about how to securely adopt containers and at the same time remain PCI compliant.

PA-DSS/SSF Transition

Presented by: Tracey Harrington, CSCIP/P, Certification Programs Manager, PCI Security Standards Council and Jake Marcinko, Senior Manager, Emerging Standards, PCI Security Standards Council

In this session Jake Marcinko, PCI SSC Sr. Manager, Emerging Standards will share how PA-DSS compares to its successor, the Secure Software Framework and Tracey Harrington, Manager, Certification Programs will provide information on timelines and suggestions on how to prepare your organization to make the transition.

Payment HSMs As A Service

Presented by: Andrew Hodges, CTO, MYHSM

Join this session to hear about the overview of HSMs and their use, difference between Payment HSMs and General Purpose HSMs, PCI standards which require Payment HSMs. We will focus on PCI PIN and PIN translation as an example and how all of the PCI PIN requirements can be met by clear segregation of responsibility between entities.

PCI DSS 4.0: An Evolution or a Revolution

Presented by: Mark Repka, PCIP, QSA, CISM, CISA, CTPRA, Security Consultant, MegaplanIT Holdings, LLC

In this session learn about how technology has evolved tremendously, from the early accounting systems of paperwork and physical files to highly connected, cloud based, and cutting-edge payment systems of today. The standards, much like the technology must evolve to appropriately meet the instant functionality and secure payment capabilities of these systems. Defining your PCI 4.0 Transition plan will save time and ensure that your environment remains safe, secure, and in compliant with the latest industry trends.

The Growing Importance of Software Security

Presented by: Troy Leach, Senior Vice President, Engagement Officer, PCI Security Standards Council; Steve Lipner, Executive Director, SAFECode; Tommy Ross, Senior Director for Policy, BSA | The Software Alliance and Kevin Stine, Chief of the Applied Cybersecurity Division, National Institute of Standards and Technology’s Information Technology Laboratory (NIST)

Winning the War on Segmentation

Presented by: Mike Brown, Managing Consultant, SageNet and Paul Truitt, CISSP, CISA, CISM, CEH, Chief Information Security Officer, SageNet

Join us as we share the challenges we see every day related to network segmentation. What should and could be a standard definition across all audits seems to be a consistent point of confusion based on interpretation and background of each auditor we work with. This session will include a discussion around proper segmentation testing, implementation of gateways to help limit the risk from 3rd parties and support technicians, and how to define in-scope and connected to devices. We will also walk through why proper segmentation is critical to protecting sensitive data through sharing stories from our penetration testing team on how to exploit and bypass common segmentation technology as well as multi-factor authentication systems to gain access to cardholder data environments.

You’ve Gone Dark: How Inconsistent Configurations Are Blinding Your Security Team

Presented by: Boyd Clewis, QSA, CISSP, PCIP, CCSK, CISA, Sr. Consultant - Risk, Security, and Privacy, Online Business Systems

One of the easiest ways to fail a PCI assessment is to have an overcomplicated environment with a patchwork of systems, networks, servers, and applications using completely different configuration standards. In this presentation, Boyd Clewis uses his experience working with companies of all sizes to break down how creating consistency in configurations can enhance compliance and security while also saving time, energy, and money.

Wednesday 7 October

Morning Main Sessions

11:00 AM - 11:05 AM

Opening Remarks and Overview

Presented by: Katty Kay, Lead Anchor, BBC World News America

11:05 AM - 11:30 AM

Global Learning and Local Leading - Why your Participation is Critical to Payment Security Everywhere

Presented by: Troy Leach, Senior Vice President, Engagement Officer, PCI Security Standards Council

11:30 AM - 11:40 AM

Wellness Break - Take a moment to get up from your computer, refill your water, stretch your legs, do what you need to do to recharge.

11:40 AM - 12:05 PM

PCI DSS v4.0 – Part 2: New Customized Approach and Risk Analysis

Presented by: Marc Bayerkohler, Standards Trainer, PCI Security Standards Council

This second PCI DSS v4.0 session delves into the new customized approach and the essential role of risk analysis.  
Sponsored by
12:05 PM - 12:45 PM

Keynote: Cybersecurity – During the Pandemic and Well into the Future

Presented by: Dr Jessica Barker, Co-Founder, Co-CEO, Cygenta and FC, Co-CEO and Head of Ethical Hacking, Cygenta

12:45 PM - 1:00 PM

Wellness Break - Take a moment to get up from your computer, refill your water, stretch your legs, do what you need to do to recharge.

1:00 PM - 2:00 PM

Vendor Showcase

Visit and chat with our vendors, sponsors, and exhibitors.
Sponsored by

Brand and PCI SSC Offices

Representatives will be available to meet with you and answer questions.
2:00 PM - 2:30 PM

Community Experience - Located in the Community Café

Casual Conversations

Hosted by some very special and surprise guests, join fellow attendees for interactive conversations about sports, movies, and television. Be sure to arrive early, as space is limited and based on a first-come, first-serve basis.

Sports: Rick Stroud, Tampa Bay Times sports reporter and host of Sports Day Tampa Bay podcast

TV Shows: Clint Worthington, host of More of A Comment, Really… podcast

Movies: Matthew McArdle, Filmmaker & Screenwriter

Sponsored by

On-Demand Sessions - Will be released on the platform immediately following the Café Experience.

Content Disclaimer: The views and opinions expressed in external presentations are those of the external presenters and do not necessarily reflect the official standards or position of the PCI Security Standards Council.

ATM Cash Out - Learnings and Best Practices

Presented by: Alicia Malone, Senior Manager, Public Relations, PCI Security Standards Council and Yogesh Patel, PCI QSA, P2PE, PCI PIN QPA, VISA SA, Consultant, SISA

We will present a summary of the different types of ATM cash out attacks, which we have investigated. The session will include the ingress point, lateral movement in the network, and how the intruder was able to achieve his objective. Post, we will present some statistics regarding PCI DSS controls, which were missing in the environment. Lastly, we will conclude with the best practices which the industry can implement to detect this type of incident at an early stage.

Engagement in the PCI Community – What’s In It For Me?

Presented by: James Hamilton, Department Manager – Governance, Risk & Compliance, Enterprise Holdings, Inc. and Elizabeth Terry, PMP, CISSP, CBSA, PCIP, Senior Manager, Community Engagement, PCI Security Standards Council

Whether you have been in this industry for years or this is your first Community Meeting, I would like to share the value and benefits I've gained from increasing engagement in the PCI Community. As I've gone from a background participant in my organization's PCI compliance program, to my company becoming a participating organization, to now serving as a member of the PCI Council's Technical Advisory Board, I'll share key benefits that have resulted from increased engagement along the way.

How the Leading European Retailer Innovates Payments and Security

Presented by: Tomás Perlines, Head of Payment Security, Schwarz IT GmbH & Co KG

Schwarz Group is the leading European retailer providing card payments via multiple payment channels throughout its subsidiaries, among them being the retail brands Lidl and Kaufland with more than 12.000 locations. The enforcement of Compliance Programmes such as PCI DSS comes along with specific market demands and any solution should always be accepted by the customers. We will outline how we set the course to substantial innovation in payments and its security in order to meet all expectations.

Track One

Learning from PFI Investigations – 2020

Presented by: Gill Woodcock, VP, Global Head of Programs, PCI Security Standards Council

We will be sharing an update on what we’ve learned from investigations completed by PCI Forensic Investigators (PFIs) and look at what has changed in the last 12 months. We’ll look at what trends are showing, give an insight into what PFIs are reporting on factors which cause and contribute to cardholder data breaches and how companies can benefit from this knowledge.

LIVE DEMO: Catching Criminals in the Act: E-Commerce Skimming and What to Do About It

Presented by: David Ellis, GCIH, PFI, QSA, CISSP, VP of Forensic Investigations, SecurityMetrics and Chad Horton, CISSP, Senior Director of Penetration Testing, SecurityMetrics

E-commerce skimming impacts thousands of online retailers and results in the loss of millions of dollars. SecurityMetrics’ VP of Investigations, David Ellis, and Senior Director of Penetration Testing, Chad Horton, will demonstrate how e-commerce skimming happens, explain why this attack is so successful, and why conventional defenses–like file integrity monitoring (FIM), antivirus, and ASV scans–do not detect or prevent e-commerce skimming.

Online Digital Skimming

Presented by: John Bloomfield, Standards Development Manager, Data Security Standards, PCI Security Standards Council and Carlos P. Kizzee, EVP Intelligence Operations and Legal Affairs, Retail and Hospitality ISAC

Trends and Evolution of Mobile Payments

Presented by: Berny Goodheart, Device Standards Manager, PCI Security Standards Council

In this presentation we'll discuss some of the advancements and trends in security for mobile authentication. We'll discuss biometrics, the Trusted Execution Environment, and Operating System extensions that are used to steer our industry towards secure mobile payments.

Update on POI v6

Presented by: Leon Fell, CPA, CIA, CMA, CISA, CITP, Director of Solutions Standards, PCI Security Standards Council and Lars Hanke, Senior Consultant, Deutsche Telekom Security GmbH

Overview of the updates for the newly published POI v6 Security Requirements, including details on the new Domain-Based Asset Flow Analysis.

Updates on PCI SSC Mobile Security Standards

Presented by: John Markh, Senior Manager, Emerging Standards, PCI Security Standards Council

Join this session to hear about timelines, key principles, and high-level architecture of the security standards for mobile payment acceptance channels (SPoC and CPoC). Learn what to expect in future Contactless on COTS with PIN and the security advancement in the COTS devices.

 

Thursday 8 October

Morning Main Sessions

11:00 AM - 11:05 AM

Opening Remarks and Overview

Presented by: Katty Kay, Lead Anchor, BBC World News America

11:05 AM - 11:25 AM

PCI DSS v4.0 – Part 3: Evolving Nature of Authentication Practices

Presented by: Joel Weisz, Emerging Standards Manager, PCI Security Standards Council

Part three of the PCI DSS series explores how evolving authentication practices have influenced the next draft of PCI DSS v4.0.
11:25 AM - 12:10 PM

Keynote: Preparedness, Crisis Management, and Communications

Presented by: John Volanthen, World Record-Holding British Cave Diver

12:10 PM - 12:30 PM

Wellness Break - Take a moment to get up from your computer, refill your water, stretch your legs, do what you need to do to recharge.

12:30 PM - 1:30 PM

Vendor Showcase

Visit and chat with our vendors, sponsors, and exhibitors.
Sponsored by

Brand and PCI SSC Offices

Representatives will be available to meet with you and answer questions.
1:30 PM - 2:00 PM

Community Experience - Located in the Community Café

Magic and Mindreading

Prepare to be entertained by a digital illusionist with a highly interactive virtual magic and mentalist show like no other. Be sure to arrive early as space is limited and based on a first-come, first-serve basis.

Sponsored by

On-Demand Sessions - Will be released on the platform immediately following the Café Experience.

Content Disclaimer: The views and opinions expressed in external presentations are those of the external presenters and do not necessarily reflect the official standards or position of the PCI Security Standards Council.

Airlines Rethinking Payment Solutions to Meet the Challenge of PCI Compliance

Presented by: Leonardo Polvora, PCI QSA, ISO/IEC, ISACA CRISC, Principal Security Consultant, SecureTrust, a Trustwave division

Airlines have long been associated with flight safety and operation security but like others, must now look to address customers payment security as well. This session talks us through the common challenges traditional and outdated payment solutions pose to airlines and tells the story of how addressing the challenge of PCI compliance enables airlines to update to secure payment solutions and rethink the payment process, enabling new business opportunities to bring home a return of investment.

Better Living Through Better Passwords

Presented by: Hoyt Kesterson, QSA, CISSP, CISA, Senior Security & Risk Architect, Avertium

Salting and large iterations are no longer enough to protect stored hashed passwords. Using techniques and specialized processers developed for cryptocurrency mining, attackers have the cost/performance advantage to compute large numbers of hash values. Memory-hard hashing recommended by the 2017 NIST guidance on passwords lets traditional servers recover that advantage. Using hash methods like balloon and enlisting users in detecting credential attacks will protect your business for the future.

Cryptography Evolves

Presented by: Ralph Poore, Director, Emerging Standards, PCI Security Standards Council

How is the evolution of cryptography forcing our standards to evolve? Session addresses the why and how that support the sunrise dates (the what) with a focus on changes in PIN standards. Provides an overview of the project steps involved in meeting these dates.

P2PE - So Much More than an Acronym

Presented by: Matt O’Connor, AQM Manager, PCI Security Standards Council and Mike Thompson, Senior Manager, Emerging Standards, PCI Security Standards Council

Mike Thompson and Matt O'Connor delve into the PCI SSC's Point-to-Point Encryption (P2PE) Standard and accompanying Program, providing insight as well as highlights to the payments industry. Please join us while we peer into the many facets and peel back the layers of P2PE.

Getting the Most From Your Membership

Presented by: Jeremy King, Vice President, Regional Head for Europe, PCI Security Standards Council

As a Participating Organization you have access to a wide range of benefits that come with your membership. This presentation will run through what those benefits are and how as a PO you can make the most from them to maximize your membership and involvement with the PCI SSC to help reduce card payment fraud.

Healthcare Provider PCI Challenges and Insight

Presented by: Carl Angeloff, QSA, CISM, ISO 27001 Auditor, Director, Security Risk Advisors; Andrew Hardie, Assessor Quality Management (AQM) Analyst, PCI Security Standards Council and Ben Smith, VP, Chief Information Security Officer, Nuvance Health

Healthcare's focus on securing ePHI and the decentralized nature of healthcare payments have contributed to the industry 'catching up' to others in achieving a Business as Usual (BAU) PCI Compliance Program. This session will go over some of the unique challenges healthcare faces as well as industry insights on how to develop a BAU Program. Additionally, this session will go over the common payment processes that exist in healthcare and scope reduction solutions that can be considered to reduce.

How Bears, Cows and One Organization Continuously Secure the Environment - A Panel Discussion

Moderated by: Monica LaCroix, MCSE, CRISC, CISA, CISSP, QSA, Principal, Product Development & Innovation, Coalfire

Panelists: Nathan Beerbower, IT Security Analyst, Sheetz, Inc.; Eric Kitchens, PCI QSA, CISSP, CISA, PCI QPA, Managing Principal, Payments Assurance, Coalfire and Mark Mrotek, Director, PCI Security Standards Council

In this panel style presentation, Monica LaCroix, Program Development, Coalfire, will moderate providing analogies, stories and common compliance challenges, with PCI SSC's, Mark Mrotek, the client, Nathan Beerbower, and Coalfire's, Eric Kitchens, giving real-world examples and scenarios of how they took on a continuous compliance approach to solve these common challenges. We will explain how cows and bears guided their approach, as well as recommendations that are critical to enabling this type of ongoing compliance model.

Leveraging ISA's: A Faster Approach to PCI Compliance and Remote Assessments

Presented by: Walid Barakat, Vice President - Governance, Risk and Compliance, Global Payments Inc.; Stacy Hughes, CPA, CITP, CRISC, CISM, Chief Information Security Officer, Global Payments Inc. and Gill Woodcock, VP, Global Head of Programs, PCI Security Standards Council

Global Payments Inc. present a real-world case study on the benefits and approach for integrating PCI Internal Security Assessors into a worldwide compliance program and the impact on demonstrating compliance with remote assessments for multiple standards.

Merchants' Journey Through a Global Pandemic – A Panel Discussion

Moderated by: Lindsay Goodspeed, Senior Manager, Corporate Communications, PCI Security Standards Council

Panelists: Jacob Ansari, CISSP, QSA/PA-QSA (P2PE), Senior Manager, Schellman & Company, LLC; Andy Kirkland, CISO, Starbucks Coffee Company and Marie-Christine Vittet, VP Compliance, ACCOR

PIN Points—Cryptographic Standards

Presented by: Ralph Poore, Director, Emerging Standards, PCI Security Standards Council and Jeff Stapleton, X9F4 Chair, ASC X9 Financial Services

Protecting PIN through cryptography and the cryptographic standards that facilitate this. Session addresses cryptographic key blocks, ISO Format 4 PIN blocks, and available resources for those who need to implement cryptography in conformance to PCI PIN standards.

Friday 9 October

Morning Main Sessions

11:00 AM - 11:05 AM

Opening Remarks and Overview

Presented by: Katty Kay, Lead Anchor, BBC World News America

11:05 AM - 11:25 AM

PCI DSS v4.0 – Part 4: Third-Party Relationships and Cloud Services

Presented by: John Bloomfield, Standards Development Manager, Data Security Standards, PCI Security Standards Council and Lauren Holloway, Director, Data Security Standards, PCI Security Standards Council

Our final PCI DSS v4.0 presentation centres on third-party service providers and customer relationships, including a focus on cloud and multi-tenant providers.
11:25 AM - 11:55 AM

Keynote: The Perils of IoT When Working From Home

Presented by: Ken Munro, Partner and Founder, Pen Test Partners

11:55 AM - 12:00 PM

Looking Towards The Future

Presented by: Lance J. Johnson, Executive Director, PCI Security Standards Council

12:00 PM - 12:20 PM

Wellness Break - Take a moment to get up from your computer, refill your water, stretch your legs, do what you need to do to recharge.

12:20 PM - 1:20 PM

Vendor Showcase

Visit and chat with our vendors, sponsors, and exhibitors.
Sponsored by

Brand and PCI SSC Offices

Representatives will be available to meet with you and answer questions.
1:20 PM - 1:50 PM

Community Experience - Located in the Community Café

Conversations with the Council

These “Birds of a Feather" live conversations will be led by PCI SSC staff and focus on the themes listed below. Be sure to arrive early as space is limited and based on a first-come, first-serve basis.

Acquirers: Marc Bayerkohler

PCI Software Security Framework: Tom White & Jake Marcinko

Security when working from home: Jeremy King & Josh Koepsell

Challenges for PCI DSS remote assessments: Gill Woodcock & Emma Sutcliffe

Vendor/Labs: Tim Cormier & Mark Mrotek

On-Demand Sessions - Will be released on the platform immediately following the Café Experience.

Content Disclaimer: The views and opinions expressed in external presentations are those of the external presenters and do not necessarily reflect the official standards or position of the PCI Security Standards Council.

Tech Demos

Sponsored by

Cyberthreats, Accidental Risk and the Shift Towards Continuous Compliance in the Cloud: Mike Annand, Director of Customer Compliance, Armor Defense Inc.

HackEDU Secure Coding Training: Tyler Pratte, Global Strategic Account Manager, HackEDU

How Security Orchestration, Automation and Response tools can be leveraged to better defend your PCI infrastructure: Dominick Vitolo, VP of Security Services, MegaplanIT Holdings LLC

Leveraging SAINT Security Suite to Meet PCI DSS Requirements: Sam Kline, CTO and Jane Laroussi, Senior IT Security Specialist, Carson & SAINT

Navigating the PCI Journey with CIS: Susan Lindquist, Cybersecurity Solutions Engineer, Center for Internet Security

Verizon Tech Demo: Sean Sweeney, Global PCI Lead, MCI Communications, Inc. dba Verizon Business Services

Global Executive Assessor Roundtable Update

Presented by: Jacob Ansari, CISSP, QSA/PA-QSA (P2PE), Senior Manager, Schellman & Company, LLC; Gary Glover, Vice President of Assessments, SecurityMetrics and Lance J. Johnson, Executive Director, PCI Security Standards Council

Join this session to hear about the program’s successful inaugural run and what we can expect from the GEAR in the future.

Mapping the MITRE ATT&CK® Framework to the PCI DSS

Presented by: Jeff Man, Information Security Evangelist, Online Business Systems

MITRE ATT&CK® is a framework for evaluating the security of organizations and cybersecurity products/services based on real-world observations of 266 techniques (attacks) tied to12 tactics (goals). The framework also provides mitigations - and this is where I wanted to see how well PCI DSS protects an entity from ATT&CK. My hypothesis is that every mitigation is found in the PCI DSS. I will present the results of my analysis and discuss key findings.

PCI SSC Council and Standards Update – Assessing PTS Devices

Presented by: Tim Cormier, Senior Manager, Device Standards, PCI Security Standards Council

Watch this session for a quick look at how terminals are tested to receive PCI PTS approval.

Petrol Taskforce Update

Presented by: Kara Gunderson, PCIP, Manager, Payment Card Operations, CITGO Petroleum Corporation and Elizabeth Terry, PMP, CISSP, CBSA, PCIP, Senior Manager, Community Engagement, PCI Security Standards Council

Join PCI SSC’s Elizabeth Terry and CITGO’s Petroleum’s Kara Gunderson for an update on the Petroleum Task Force and learn how this group of industry participants are helping PCI SSC address some of the unique and often complex challenges for petroleum retailers.

QA @ PCI: How the Council Ensures Integrity in its Programs

Presented by: Nikki Billman, AQM Manager, Operations, PCI Standards Security Council and Brandy Cumberland, Director of Assessor Quality Management (AQM) Programs, PCI Security Standards Council

With an ever-expanding portfolio of programs, how does PCI SSC maintain the integrity of its Programs? Members of the Assessor Quality Management (AQM) Programs team will provide an overview of PCI SSC Programs and discuss the different approaches to PCI Program integrity.

Small Merchant Task Force – 2020 Efforts

Presented by: Natasja Bolton, Strategic Partner Support Engagement Manager, Cyber Risk Services, Sysnet Global Solutions and Lauren Holloway, Director, Data Security Standards, PCI Security Standards Council

Join this session to get the latest updates from the Task Force, including their current PCI DSS v4.0 efforts to develop an approach for merchants to better understand their payment environments and correctly navigate to the appropriate self-assessment questionnaires.