Join us for three days of discovery, updates and insights from members of the Council, regional community figures and merchants.

Registration Now Open
  • Tuesday, Sep 17
  • Wednesday, Sep 18
  • Thursday, Sep 19

Tuesday, September 17

1:00 PM - 1:15 PM

Opening Remarks: Collaboration and Community - Working Together to Secure Payment Data

Presented by: Lance J. Johnson, Executive Director, PCI Security Standards Council

A brief overview on how the community is coming together in many ways on many levels to build a secure future of payments.
1:15 PM - 1:30 PM

Community Meeting Kick-Off

Presented by: Jeremy King, International Director – Europe, PCI Security Standards Council

Don’t miss important information about the event and all that is in store. Learn how to make the most of your time while in Vancouver.
1:30 PM - 2:15 PM

Council Insights from Board of Advisors and Industry Partners - A Panel Discussion

Moderated by: Laura Gray, Senior Director of Communications, PCI Security Standards Council

Panelists: Kathy Meader, Vice President, Member Education Services, Retail Solutions Providers Association (RSPA); Erik Pols, Retail Information Security Manager, Royal Dutch Shell, Ltd. and Amy Zirkle, Board of Advisors PCI SSC, Electronic Transactions Association (ETA)

Join this engaging discussion to hear how panelists have worked in collaboration with the Council, and have lent their insight and expertise to the mission of enhancing global payment account data security.
2:15 PM - 3:00 PM

Industry Keynote: Cybersecurity: Past, Present, and Future

Presented by: Joshua Costa, Senior Consultant, Investigative Response, Verizon Threat Research Advisory Center (VTRAC) and Christopher Novak, Co-founder and Global Director, Verizon Threat Research Advisory Center (VTRAC)

Christopher Novak and Joshua Costa will walk through the evolution of the cybersecurity landscape. The session will discuss how threat actors have modified their hacking tradecraft in an attempt to get ahead of today’s security enhancements. Real world investigative examples will be used to highlight and demonstrate how this has been seen within the payment card industry related to both card-present and card-not-present transactions. The session will also provide recommendations and takeaways that can aid attendees in their PCI compliance and security journey and reduce their breach profile.
3:00 PM - 3:30 PM

Networking Break and Vendor Showcase

3:30 PM - 4:00 PM

PCI SSC Turns 13: What's Ahead

Presented by: Troy Leach, Chief Technology Officer, PCI Security Standards Council

Reflecting on the changes in payments over our history that has influenced upcoming standards such as DSS v4.0, Software Security Framework and the PCI SSC’s new engagement model.
4:00 PM - 4:45 PM

Understanding PCI DSS 4.0

Presented by: Emma Sutcliffe, Senior Director, Data Security Standards, PCI Security Standards Council

4:45 PM - 5:15 PM

P2PE v3.0 Update

Presented by: Michael Thompson, Senior Standards Manager, Emerging Standards, PCI Security Standards Council

Join Mike Thompson, the Chair for the PCI Council's Point-to-Point Encryption Working Group, on an insightful tour of the highlights of P2PE v3.0.
5:15 PM - 5:45 PM

Software Security Framework: Roadmap, Impact and Next Steps

Presented by: Jake Marcinko, Standards Manager, PCI Security Standards Council and Elizabeth Terry, Community Engagement Manager, PCI Security Standards Council

Join PCI SSC to hear about the Software Security Framework to learn how the two standards within the framework work together and the impact on participants in the SSF program and the PA-DSS Program. You will also hear how the SSF may benefit your organization through use cases that highlight the interaction between the two standards. Finally, next steps for the framework in 2019 and beyond will be discussed.
5:45 PM - 5:50 PM

Day 1 Closing Remarks

Presented by: Lance J. Johnson, Executive Director, PCI Security Standards Council

Reflecting on Day 1 and bringing it all together.
6:00 PM - 7:45 PM

Welcome Party

Join us at PCI’s “Seasons of Security” Welcome Party and experience winter, spring, summer, and fall – Vancouver style.

Sponsored by

Wednesday, September 18

7:30 AM - 9:00 AM

Networking Breakfast and Vendor Showcase

Sponsored by

9:00 AM - 9:15 AM

Welcome Remarks

Presented by: Jeremy King, International Director – Europe, PCI Security Standards Council

9:15 AM - 10:15 AM

Keynote: Cryptocurrency, Artificial Intelligence, Machine Learning, & the Internet of Things

Presented by: Theresa Payton, Founder, President and CEO, Fortalice Solutions, LLC

New technologies are in the news every day but is it all just hype or a true workplace reality? Are you leveraging Blockchain, Cryptocurrency, Artificial Intelligence, Machine Learning & the Internet of Things as part of your go to market strategy? You may wonder, are these data elements safe from hackers? Payton explains how to harness these newer technologies to achieve business goals while incorporating safeguards to fight cybercriminals and how the Blockchain could be your new security BFF and how Cryptocurrency, AI, and the Internet of Things have quickly become key drivers of global change.
10:15 AM - 10:45 AM

Networking Break and Vendor Showcase

Sponsored by

10:45 AM - 11:15 AM

Track One (Closing the Gap with Diversity in Payment Security)

Closing the Gap with Diversity in Payment Security
Track Sponsored by

Driving Positive Change for Diversity in Payments - A Panel Discussion

Moderated by: Robin Trickel, CISSP, Vice President, Industry Engagement, American Express Global Network

Panelists: Stacy Hughes, WNET (Women's Network in Electronic Transactions) Corporate Visionary Member, SVP, IT Governance, Risk and Compliance, Global Payments Inc.; Lance J. Johnson, Executive Director, PCI Security Standards Council and Amy Zirkle, Board of Advisors PCI SSC, Electronic Transactions Association (ETA)

Track Two (Implementation of Best Practices)

Implementation of Best Practices

Managing and Assessing PCI Compliance for Franchisees

Presented by: Slade Burroughs, PCI ISA, CISSP, PCIP, Sr. Risk and Compliance Analyst, Yum! Brands; John Jordan, PCI QSA, CISSP, Associate Director, Protiviti and Joe Murrell, PCI QSA, CISSP, CISA, GSEC, Senior Manager, Protiviti

Join team members from Yum! Brands (parent of Taco Bell, Pizza Hut, and KFC) and Protiviti for a case study on how to manage PCI DSS compliance and assessments of Franchisees. Hear perspectives from the Franchisor (Yum!) on challenges faced while supporting hundreds of franchisees and from the QSAC (Protiviti) on how a partnership can help to educate franchisees and apply best practices for securing payment systems while facilitating efficient assessments to ensure continued compliance.
11:25 AM - 11:55 AM

Track One

Opening the Talent Spigot to Secure Our Digital Future

Presented by: Ed Adams, Board of Directors, ICMCP (International Consortium of Minority Cybersecurity Professionals)

With a cyber security job shortage of ~3.5M qualified professionals, the need for talent has never been greater. But how do you identify and retain the talent needed to secure our digital economy? PCI standards are the most influential and adopted non-regulatory frameworks in the industry - learn them or master a domain and you’ll be in demand. This presentation discusses workforce planning strategies related to PCI standards and resources that provide training and guidance for those interested in security careers.

Track Two

PCI DSS for Large Organizations, 2019 SIG Effort

Presented by: Paul Curtis, Enterprise Compliance PMO, FedEx Services; Lacey Johnson, Senior Technical Program Manager, Akamai Technologies and Jake Marcinko, Standards Manager, PCI Security Standards Council

12:05 PM - 12:35 PM

Track One

Making Organizations Stronger with Diversity, Networking and Mentorship

Presented by: Stephanie Benoit-Kurtz, MBA, CCISO, CGEIT, CRISC, CHP, Director of Cyber Security, Station Casinos

As a woman in senior leadership and IT often times the seat at the table is a bit intimidating. Often females are dismissed as not having either the technical knowledge or business prowess to make key decisions around PCI issues. Learn to leverage knowledge, skill, and fact-based analysis to drive past the diversity issue. Take away some best practices around building processes, gaining trust and creating tools that will establish credibility among peers and executives.

Track Two

Scoping…A Week That Pays Results in Complex Environments

Presented by: Walid Barakat, Vice President - External Compliance, Global Payments Inc and Stacy Hughes, WNET (Women's Network in Electronic Transactions) Corporate Visionary Member, SVP, IT Governance, Risk and Compliance, Global Payments Inc.

This presentation examines engagement internally within Global Payments to: 1) review cardholder data flow diagrams, 2) significant changes, 3) cloud environments, 4) sampling, 5) upfront evidence gathering, 6) utilizing ISAs, 7) benefits related to ongoing security posture and compliance efforts, 8) control metrics, and 9) overall governance through the IT GRC team. This approach has helped to gain efficiencies and knowledge of Global’s environments with their assessors.
12:35 PM - 1:35 PM

Networking Lunch and Vendor Showcase

Sponsored by

1:35 PM - 2:05 PM

Track One (Inside the Threat Landscape)

Inside the Threat Landscape
Track Sponsored by

Mass Fraud: Pwning your kids, your car & winning America's Got Talent

Presented by: Ken Munro, Partner and Founder, Pen Test Partners

IoT security is getting worse. More & more we see large numbers of consumers exposed to fraud, specifically linked to service subscriptions and micro payments. We’ll explore these issues & show how to spot the fraud & how to mitigate against it. The session will contain entertaining live hacking demonstrations of not-so-smart product security, exposing PII & more. We’ll also provide advice for organisations to help design security in & design fraud out of their smart product offerings.

Track Two (New Payments and Trends )

New Payments and Trends

EMV® Secure Remote Commerce

Presented by: Carey Ferro, EMV® Secure Remote Commerce

In response to the ongoing advancement of payment technologies, technical body EMVCo has published EMV SRC v1.0, a set of specifications that enable the creation of a ‘virtual payment terminal’. It provides a foundation that will enable industry solutions for the processing of e-commerce transactions in a consistent, streamlined fashion across a variety of remote-checkout environments channels and consumer devices, including smartphones, tablets, PCs and other connected devices. EMVCo has also launched a payment icon, which signals EMV SRC availability at participating remote-checkout environments. Delegates attending this presentation will receive an introduction to EMV SRC and an insight into how it addresses the current challenges within the remote payments environment.
2:15 PM - 2:45 PM

Track One

Website Supply Chain: Your Hidden Risk

Presented by: Paul Guthrie, CISSP, CISA, QSA, PA-QSA, VP, PSC

As websites have become more complex, the number of third-party sites a website depends on has grown significantly. Security flaws in these third parties have lead to compromises of card data such as Magecart. This session will explore the risk of third party inclusions on websites, consequences of insecure website management and strategies for reducing risk and properly managing all website content.

Track Two

Solving Tomorrow’s Problems Today

Presented by: Jerry Archer, CISSP, Chief Security Officer, Major Financial Services Company and John Yeoh, Global Vice President of Research, Cloud Security Alliance (CSA)

2:55 PM - 3:25 PM

Track One

Emerging Cloud Technologies

Presented by: John Markh, Standards Manager, Emerging Standards, PCI Security Standards Council and Brian Serra, Payments Security Lead, Target Corporation

Discuss emerging cloud technologies, including Cloud HSM, Function-as-a-Service and Blockchain-as-a-Service, alignment with the traditional cloud categories published by NIST and ISO, and advice on how existing standards and guidance can be applied to secure these services.

Track Two

Updates and Trends in Point of Interaction Devices

Presented by: Tim Cormier, Manager for Device Standards, PCI Security Standards Council and Steve Jia, Payment Assurance Lab Manager, Intertek EWA-Canada

A look at how vendors are changing their devices to meet the new needs of the industry by changing designs and leveraging new technologies.
3:25 PM - 3:55 PM

Networking Break and Vendor Showcase

Sponsored by

3:55 PM - 4:25 PM

Track One (Deep Dive into Technology)

Deep Dive into Technology

How to Secure Cardholder Data in the API Economy

Presented by: Mordecai Kraushar, QSA, CISSP, Director of Audit, CipherTechs

Many are aware of the PCI DSS Council's recent announcements to address the new software paradigms; one component that needs particular focus is the topic of API (Application Program Interface) Security . This session will demonstrate an intentionally vulnerable API program and will challenge the attendees with how to test and secure that which might be a bit difficult to see, but will no doubt be transporting the bulk of payment card transactions in years to come.

Track Two (Merchant Perspectives )

Merchant Perspectives
Track Sponsored by

Moving Large Decentralized Organizations from PCI Complex to P2PE Compliant

Presented by: Richard Emrich, Director of Treasury, Financial Operations, Northwestern University and Bryan Jurewicz, Chief Operations & Revenue Officer, Arrow Payments

Learn how large decentralized organizations are quickly closing the gap from being PCI challenged to simplifying compliance by upgrading their payment systems using PCI Validated P2PE across their departments. Arrow Payments has supported Northwestern University in improving their payment processes and reducing PCI scope by leveraging P2PE solutions from multiple vendors. Northwestern has transitioned from being resource-constrained to full P2PE across campuses in a short period of time.
4:35 PM - 5:05 PM

Track One

Securing Emerging Payment Channels: Mobile Payment Acceptance

Presented by: John Markh, Standards Manager, Emerging Standards, PCI Security Standards Council

Join this session to hear about timelines, key principles and high-level architecture of the security standards for mobile payment acceptance channels (SPoC and CPoC). Learn what to expect in future revisions of SPoC and how you can participate.

Track Two

An Innovative Approach to Compliance and Security for SMBs

Presented by: Tim Horton, Vice President, Cyber Security and PCI Product, Fiserv (First Data) and Gabriel Moynagh, Chief Executive Officer, Sysnet Global Solutions

Sysnet, alongside regional clients, will present merchant case studies to show how it is possible to provide positive PCI compliance and cybersecurity experiences for merchants. Educating merchants on a one-to-one basis regarding the benefits of PCI compliance and taking a proactive approach to the provision of security tools, enables acquirers to achieve significantly higher levels of merchant portfolio compliance and also helps to build stronger acquirer/merchant relationships.
5:15 PM - 5:45 PM

Track One

Cryptographic Update

Presented by: Ralph Poore, Director, Emerging Standards, PCI Security Standards Council

Attend this session to get a better understanding of how Cryptography continues to evolve.

Track Two

Going Global – How a Regional PCI Compliance Program Transformed into a Global Initiative

Presented by: Carl Angeloff, Director, Security Risk Advisors and Paul Lagacey, CISSP, PCI ISA, PCIP, BBA, Vice President, Office of IT Operations, PCI Compliance, Chubb

This case study outlines the five-year journey of taking an international insurance provider’s PCI Compliance Program from reactive and ad-hoc audits to a business-as-usual compliance program executed across multiple continents. In addition to talking about the challenges, obstacles, and lessons learned along this journey, we will also discuss how scope reduction technologies and business stakeholder buy in were critical components to the success of the program.
5:45 PM - 7:15 PM

Networking Reception and Vendor Showcase

Sponsored by

Thursday, September 19

7:30 AM - 9:00 AM

Networking Breakfast and Vendor Showcase

9:00 AM - 9:15 AM

Welcome Remarks

Presented by: Laura Gray, Senior Director of Communications, PCI Security Standards Council

9:15 AM - 10:15 AM

Keynote: Innovation, Problem Solving & Rising to Unforeseen Challenges

Presented by: Mike Massimino, Former NASA astronaut, professor of Mechanical Engineering at Columbia University, and the senior advisor for space programs at the Intrepid Sea, Air, and Space Museum

Mike’s second spaceflight was the final Space Shuttle servicing mission to the Hubble Space Telescope. On that mission Mike was tasked with the most complicated spacewalk ever attempted: the in-space repair of a delicate scientific instrument inside of the telescope. A major miscue during that spacewalk nearly led to failure. But the ground control team and the astronauts in space worked together to come up with an innovative solution that saved the day and the mission. Mike explains how although not every problem has an obvious solution, preparation and innovation can help us overcome unforeseen challenges.
10:15 AM - 10:45 AM

Networking Break and Vendor Showcase

10:45 AM - 11:15 AM

How Having an ISA Makes Your Life Easier - A Panel Discussion

Moderated by: Elizabeth Terry, Community Engagement Manager, PCI Security Standards Council

Panelists: Tony James, CISSP, CISA, CRSC, Director, Target; Eric Kitchens, CISSP, CISA, CTGA, QSA, Senior Director, Coalfire Payments Assurance Services and Kevin Rich, Managing Principal, Coalfire Payments Assurance Services

An interactive Panel discussion with Target and Coalfire talking through the benefits of having ISA(s) on the team. How it can improve security, ongoing compliance and interactions with your QSA, while reducing friction, costs and time to solution.
11:15 AM - 11:45 AM

Learning from PFI Investigations

Presented by: Gill Woodcock, Senior Director of Certification Programs, PCI Security Standards Council

Learning from analysis of PFI investigations about what is most often identified as causing or contributing to cardholder data breaches.
11:45 AM - 12:30 PM

Su-Dunnit?: Tracking Privileged Access in the CDE

Presented by: Boyd Clewis, Senior Security Consultant - Risk, Security, and Privacy, Online Enterprises, Inc. DBA Online Business Systems; Rob Harvey, Director, Risk, Security and Privacy, Online Business Systems and Adam Kehler, Principal Consultant - Risk, Security, and Privacy, Online Enterprises, Inc. DBA

How do you find a system breach when the intruder is using a root account? In this live demonstration, Online Business Systems will engage the audience to participate in a “whodunnit” mystery to uncover who infiltrated the cardholder data environment (CDE) and exfiltrated payment card data. Through solving this mystery, stakeholders will discover how to identity and track those using privileged user accounts in the CDE so that system misuse and breaches can be discovered in less time.
12:30 PM - 12:35 PM

Closing Remarks

Presented by: Lance J. Johnson, Executive Director, PCI Security Standards Council

12:35 PM - 3:35 PM

Assessor Lunch and Session (QSAs, ISAs, ASVs, PFIs, QPAs, CPSAs only)

As an active assessor in the PCI SSC programs, join us for a special session to hear industry best practices, recent case studies, Council updates, live Q&A and networking opportunities with your peers.

Payment Vendor Lunch and Session (PCI Recognized Labs, PA-DSS Vendors, P2PE and SPoC Solution Providers Only)

Join your peers for an informational session including Q&A with the PCI SSC team to discuss what’s new for vendors and labs for PCI PTS, P2PE, Mobile and Software Security.