Agenda

Join us for two days of discovery, updates and insights from members of the Council and regional community figures and merchants.

WEDNESDAY, 23 MAY
7:30 - 18:30 Registration Open
7:30 - 9:00 Networking Breakfast and Vendor Showcase

9:00 - 9:15 Welcome Remarks
Presented by: Jeremy King, International Director, PCI Security Standards Council
9:15 - 10:00 Keynote: State of the Council
Presented by: Lance J. Johnson, Executive Director, PCI Security Standards Council

This session opens the Community Meeting with an extensive look into some of the PCI SSC’s current and global affairs and how, collaboratively, we help secure payment data.
10:00 - 10:45 Regional Insights, a Panel Discussion
Moderated by: John Crossley, Chief Risk Officer, Japan, VISA
Panelists:
Hiroshi Shirai, Manager, Promotion Section1, Customer Care & Operation Division, SoftBank Corp.
Kazunori Iida, General Manager, Card Security Center, Japan Consumer Credit Association (JCA)
Daigo Mori, Secretariat, Japan Card Data Security Consortium (JCDSC) (NIPPON OFFICE SYSTEMS LTD.)
Join this session for a panel discussion on the Asia-Pacific threat landscape, evolution of payments and how the region is helping to secure payment data.
10:45 - 11:15 Networking Break and Vendor Showcase
11:15 - 12:15 Shifting Paradigms: How Innovation is Changing Payment Security (and Standards)
Presented by: Troy Leach, Chief Technology Officer, PCI Security Standards Council

Don’t miss this session for a look into the evolution of payments and security standards. Hear about some opportunities and challenges that have been created by the innovations in technology. This session will also cover how PCI SSC is addressing these changes and how you can help.
12:15 - 13:00 Industry Keynote: Payment Security in Japan
Presented by: Satoshi Shoda, Director, Commerce Supervisory Division, Japan’s Ministry of Economy, Trade and Industry (METI)

This session will cover trends of fraud increases in Japan and Japan’s Payment Security Action Plan, which addresses payment data security, EMV, and CNP fraud prevention.
13:00 - 14:00 Networking Lunch and Vendor Showcase

14:00 - 14:45 "P2PE Rising Sun" Toward 2020
Presented by: Naoaki Suda, Security Consultant, NRI SecureTechnologies, Ltd.

In preparation for the 2020 Tokyo Olympic Games, the Japanese government has issued a bill and guidelines to secure the safety of payment transactions. Many merchants are trying to comply with the guidelines; however, they are facing some issues. One of the solutions to their issues is Point to Point Encryption Solutions. In order to catch up with advanced payment markets in other countries, both P2PE QSA and certified P2PE solutions started in Japan. In this session, learn more about the current challenges of P2PE here in Japan.
14:45 - 15:30 Managing and Maintaining PCI DSS Compliance in an Offshoring and Outsourcing Environment
Presented by: Swati Sharma, Senior Specialist Security/PCI QSA, BT Plc.

Outsourcing has been a competent business tool to deliver quality and reduced cost. This case study will showcase how organisations can benefit from outsourcing cardholder data functions without compromising on cardholder data security and compliance. There are various compliance and security challenges to be dealt with in a typical global outsourcing and offshoring environment. This case study will demonstrate how a well-structured compliance program can support business strategy.
15:30 - 16:00 Networking Break and Vendor Showcase
16:00 - 16:30 Don’t Be Afraid of Onsite Assessment!
Presented by: Yoichi Ueno, Representative Director President, International Certificate authority of Management System Co., Ltd.

Often when you hear the words audit or assessment, you put yourself in a posture of defense and hide information from QSAs. Consequently, you will never fully grasp your present situation. Learn how to enjoy communicating with QSAs to improve the awareness and correspondence of the information security of the organization, while also creating a more effective audit. In this session you will be introduced to the benefits of PCI DSS assessment, ensuring you will look forward to having an audit each year!
16:30 - 17:00 Connected API Security Based on Open Web Application Security Project (OWASP) Top 10 Most Critical Security Risks 2017
Presented by: Riotaro Okada, Executive Researcher, Asterisk Research, Inc.

Using APIs to connect systems/processes and dealing with cardholder data has become increasingly common. The latest release of the OWASP Top 10 focuses on these areas and provides practical guidance, useful in complying with Requirements 5 and 6 of the PCI DSS. In this session, we will discuss common risks as well as how to avoid and mitigate them with secure development practices.
17:00 - 17:30 Could PCI DSS Have Prevented that Breach?
Presented by: Raymond Simpson, Regional Director - APAC, Foregenix

In this session, hear a case study of a major breach investigated by Foregenix that spanned multiple players in the financial industry. This session will provide an overview of the breach, including details of the complexity, timing, response, investigation, and containment. We will also review control failures of organizations and provide the mapping of PCI DSS to the compromised entity's posture. Additionally, this session will highlight how correct implementation of PCI DSS could have prevented the breach.
17:30 - 19:00 Networking Reception and Vendor Showcase
THURSDAY, 24 MAY
7:30 - 10:45 Registration Open
7:30 - 9:00 Networking Breakfast and Vendor Showcase

9:00 - 9:30 Welcome Remarks
Presented by: Jeremy King, International Director, PCI Security Standards Council
9:30 - 10:15 Keynote: Challenges for Tokyo 2020 Games
Presented by: Hiroaki Ibayashi, Senior Director of Cyber Security, The Tokyo Organising Committee of the Olympic and Paralympic Games
10:15 - 10:45 Networking Break and Vendor Showcase
10:45 - 11:15 Behind the PCI PIN Transaction Security (PTS)/P2PE Curtain - Lessons from the Wizards of Aus
Presented by: Sajal Islam, Audit Manager, UL, and David McGregor, Laboratory Manager, UL

Many merchants use PTS approved devices to accept payments, and increasingly some are using these devices as part of a PCI P2PE compliant solution to help reduce their PCI DSS scope. But what is involved in a PTS evaluation? What is - and what is not - provided by approved systems? How do the PTS and P2PE requirements complement each other, and interact with the other PCI standards? What is the impact of the new PCI PIN on COTS requirements on PTS and P2PE? This session plans to answer these questions and more.
11:15 - 11:45 Your Data Security is as Strong as Your Weakest Employee
Presented by: Thanut Pimhataivoot, Team Leader, IT Compliance & Audit, NTT Data (Thailand) Co., Ltd.

This session will discuss a case study of the implementation, failure and remediation of employee security awareness and its tremendous effect on overall card data security. Furthermore, the session will showcase how implementing an effective awareness program and a PCI DSS business-as-usual process can help significantly improve overall awareness and card data security.
11:45 - 12:30 PCI Programs Update
Presented by: Mauro Lance, Chief Operating Officer, PCI Security Standards Council

Join this session for a look into how the Council’s Programs fit into its overall strategy, and how they are impacted by industry’s feedback, collaboration and evolution.
12:30 - 13:00 Making a Global Impact with PCI SSC: How You Can Get Involved and Resource Overview
Presented by: Jeremy King, International Director, PCI Security Standards Council and Mark Meissner, Vice President Public Relations, PCI Security Standards Council

Attend this session to hear about everything that PCI SSC has to offer you and your organization so you can help secure payment data. We will also share all the ways you can be more involved with PCI SSC.
13:00 - 14:00 Networking Lunch and Vendor Showcase
14:00 - 15:30 Assessor Session (QSAs, ASVs, and ISAs only)

Join your peers for a Q&A session with the PCI SSC team to discuss what is new for assessors and tips for ensuring your assessments get great feedback.