7:30 – 18:30 | Registration Open | |
7:30 - 9:00 | Networking Breakfast and Vendor Showcase | |
| Payment Brand and Council Office Hours | |
9:00 - 10:30 | Insights from the Council: Why More Collaboration is Key for Stronger Payment Security
Presented by: Stephen W. Orfei, General Manager, PCI Security Standards Council; Bruce Rutherford, Group Head, Fraud Management Solutions, MasterCard; 2015 Chairman of the PCI Security Standards Council; Kelly Funk, President and CEO, Retail Solutions Providers Association; Tim Horton, Vice President Security and Fraud Solutions, First Data Corporation | |
10:30 - 11:00 | Networking Break and Vendor Showcase | |
| Payment Brand and Council Office Hours | |
11:00 - 12:00 | The Flight Plan to Navigating Risk: What the Payments Industry Can Learn from Health Care and Aviation
Presented by: John Nance, Aviation and Health Care Expert, Analyst, Author & Consultant
What are three industries with higher risk than normal? Airlines, health care and payments. In this session, John Nance will address each in relation to one another, drawing on his diverse background in health care and aviation, and show how the lessons he’s learned from these industries can be applied to the payments space when it comes to managing risk. | |
12:00 - 13:00 | Networking Lunch and Vendor Showcase | |
12:00 - 18:30 | Payment Brand and Council Office Hours | |
13:00 - 17:00 | Breakout Sessions | |
| Track One | Track Two |
13:00 - 13:50 | Discover the Critical Link Between PCI DSS Compliance and Real-World Security
Presented by: Ciske van Oosten, Global Intelligence Manager, Verizon PCI Security Practice
Mr. van Oosten, the Global Intelligence Manager for PCI Security Practice at Verizon Enterprise Solutions and lead author of the Verizon PCI Compliance Report, will explain why less than a third (28.6%) of companies were found to be still fully compliant less than a year after successful validation, and why breached companies are less likely to be found compliant. Verizon’s annual PCI Compliance Report provides an in-depth assessment of the global state of payment security. It explores the approaches that organizations take to securing the cardholder data that they hold, the use of compensating controls across the industry, and the sustainability of security controls. | Overview Point-to-Point Encryption Version 2: What You Need to Know
Presented by: Dan Fritsche, Managing Director, Application Security, Coalfire; Ruston Miles, Chief Innovation Officer, SVP, Bluefin; Michael Thompson, Standards Manager, PCI Security Standards Council; Gill Woodcock, Director of Certification Programs, PCI Security Standards Council
This session will outline the latest on Point-to-Point Encryption (P2PE) Version 2, focusing on the feedback from the industry, the major changes and the benefits. It will also include an overview of the assessor perspective and what your organization needs to know when implementing. |
14:00 - 14:50 | Fifty Shades of “In Scope” -- Dealing with “Near Scope” Assets. Mr. Grey Will See You Now
Presented by: Shawn Lukaschuk, Security & Compliance Specialist, IPS
How are the scope and reach of controls commonly misinterpreted? The root cause of common scoping mistakes will be explored, and tips for moving an organization beyond “store, process or transmit” will be addressed.
This presentation will also introduce a risk-based approach to identify scope issues and define the different “shades of scope.”
This approach considers the following:
• The scope’s relation to network architecture and controls
• Vertical, horizontal and “effective” segmentation
• The role of risk assessment and documentation | Mitigating the Data Breach Threat While Enforcing PCI DSS Compliance
Presented by: Christopher Strand, Senior Director of Compliance and Governance, Bit9 + Carbon Black
To address the increasingly sophisticated types of attacks on cardholder data environments, security teams must shift from merely checking the appropriate boxes to taking a “business-as-usual” approach to security. This session will address how to take such a continuous approach and will focus on three key aspects that security professionals should ensure are part of their overall framework: Application Control, Change Control and Policy Enforcement.
|
14:50 - 15:10 | Networking Break and Vendor Showcase | |
| Track One | Track Two |
15:10 - 16:00 | No More Credit Card Breach Risk -- How Caesars Implemented Point-to-Point Encryption (P2PE)
Presented by: Jeffrey Sanchez, Managing Director, Protiviti, and William Worthington, VP-IT Security, Caesars Corporation
Discover how Caesars Entertainment implemented an extremely large and complex P2PE environment, encompassing dozens of different payment applications, e-commerce channels and call centers.
| Requirements -1, 0, 13 and 14: The Big Picture of PCI DSS Compliance
Presented by: Lynda Daniluk, PCI Coordinator, City of Calgary; Robert MacKinnon, PCI Compliance Manager, TD Merchant Services; and Thomas Siry, Security & Compliance Specialist, IPS
Becoming PCI DSS-compliant is a journey. Maintaining compliance and deriving value from it creates a legacy. The spiritual PCI DSS requirements (-1, 0, 13 and 14) complement the existing 12 requirements to create the big picture of PCI DSS compliance. Attend this session to hear practical experience from more than 10 Canadian organizations on how the additional four requirements will assist organizations of any size to meet, maintain and mature PCI DSS compliance. |
16:10 - 17:00 | The Evolution of Transaction Security - EMV Chip, Mobile and Beyond
Presented by: Brian Byrne, Director of Operations, EMVCo; Troy Leach, CTO, PCI Security Standards Council and John Thomson, Director, Compliance and Regulations, Interac Association
Moderated by: Laura Johnson, Director of Communications, PCI Security Standards Council
Join experts from EMVCo, Interac and the PCI Security Standards Council as they discuss the adoption of EMV in Canada and lessons learned for the rest of North America, as well as what is ahead for next generation technology such as EMV Payment Tokens, 3-D Secure v2.0 and more. | Managing PCI Compliance in an Outsourced World: Challenges, Opportunities and Risks
Presented by: Adriana Gliga-Belavic, Director, Cybersecurity and Privacy, PCI Practice Lead, PricewaterhouseCoopers and Penelope Santana, Cybersecurity Consulting Manager, STIGroup, Ltd.
This presentation will focus on the evolving challenges and risks that merchants experience while outsourcing payment-related services or IT environments. All merchants must remain accountable for protecting credit card information to maintain PCI Compliance. Reaching out to vendors to initiate the process may seem overwhelming, but establishing a methodology and framework to work from will help keep track of your risk exposure and establish a formidable risk management program. |
17:00 - 18:30 | Networking Reception and Vendor Showcase | |