Agenda

08:00 - 09:00

Registration and Networking Break 

09:00 - 09:10

Chairman’s welcome 

09:10 - 09:30

► PCI Security Standards: The latest developments in the payment space

Jeremy King, VP, Regional Head for Europe, PCI Security Standards Council

  • Version 4.0 transition timeline
  • Moving successfully to PCI DSS 4.0 
  • Steps to take in the next 6-9 months

09:30 - 09:50

► The Challenges of Managing E-commerce JavaScript

John Elliott, Security Advisor, Jscrambler

  • Managing JavaScript to meet the new requirements in DSS 4 is a challenge
  • The amount of JavaScript on websites is increasing, not decreasing
  • Optimising the business processes used to manage JavaScript is the only way to meet the new requirements
  • There isn’t a one-size-fits-all solution for every organisation or for every script
  • It’s important to understand what the standard asks for, not some people’s interpretation of it

09:50 - 10:10

► Transitioning from PCI DSS v3.2.1 to v4.0: Navigating the Changes and Future-Proofing Compliance

Martin Petrov, CTO – PCI, Integrity360

This session provides an in-depth analysis of the transition from PCI DSS v3.2.1 to v4.0, focusing on key changes, effective strategies for outsourcing non-core security activities, and future-proofing against emerging security threats. Highlights include:

  • Overview of new and evolving requirements and their relationship to core business processes.
  • The benefits of outsourcing in meeting the demands of an increasingly complex and rigorous standard.
  • Strategies for outsourcing non-core security activities to improve security posture, reduce compliance costs, and increase efficiency.
  • Best practices for ensuring continuous compliance in the dynamic payment security landscape.

Join us to gain insights and practical guidance on adapting to the evolving standards of PCI DSS and maintaining robust payment security.

10:10 - 10:30

► Case Study: From Zero to Hero, implementing a compliance framework for ISO27001, PCI DSS, SOC 2 Type 2 and Cyber Essentials Plus at a tech unicorn

Nicholas Howard, Director of Information Security, Reward Gateway

  • Journey from ISO to PCI to SOC 2 to CE+
  • Using automation to streamline the ongoing monitoring, assessment and audit processes
  • Lessons learnt along the way

10:30 - 11:10

► Education Seminar Session 1

Delegates will be able to choose from the following education seminars:

  • Back to the Future, Parminder Lall, CEO and Founder, 1 Cyber Valley
  • PCI goals, timelines, myths: a QSA perspective, James Cullen, Principal Security Consultant, Lead QSA, SureCloud

11:10 - 11:40

Networking Break 

11:40 - 12:10

► Panel Discussion: So you’ve lost cardholder data, what now?

Eleanor Ludlam, Partner - Cyber, Privacy and Technology Litigation, Pinsent Masons (Moderator);
Jo Vane, InfoSec Compliance Director, Checkout.com
Soraya Viloria Montes de Oca, Group Information Security Officer, Harvey Nichols
Michelle Griffey, GRC Director, Paragon

  • It is impossible to guarantee 100% cardholder data security. So, if you do lose data, what are the key incident response and remediation priorities?
  • Identifying how attackers are accessing your environment
  • Determining how to mitigate the attackers' existing access
  • PR and legal responses

12:10 - 12:30

► How You Can Harness Data Discovery for Sustainable Compliance

Stephen Cavey, Co-Founder & Chief Evangelist, Ground Labs

Data discovery forms the foundation of scoping for PCI DSS compliance, but there are several pitfalls to the process that can leave organizations exposed, non-compliant and at risk of data breach.

In this session, you’ll learn:

  • The ugly, the bad and the good of scoping for PCI DSS
  • The dirty secrets of data discovery and how they could cost your compliance
  • The dark places your data hides and how you can implement effective discovery practices to identify them
  • The wider benefits of evidence-based discovery for PCI DSS compliance and beyond

12:30 - 13:10

► Education Seminar Session 2

Delegates will be able to choose from the following education seminars:

  • The Cloud: Why it’s the best place to achieve PCI DSS 4.0, Geoff Forsyth, CISO, PCI Pal
  • Securing your payment infrastructure and delivering PCI DSS compliance with the acceleration in AI driven services, Keith Harper, Pre-Sales Engineer, Sycurio

13:10 - 14:00

Lunch and Networking Break 

14:00 - 14:20

► Moving parts around PCI: Centralizing across technology, security and governance

Scott Storey, Cybersecurity Architect, University of Manchester

  • Responding to crisis and accelerating the opportunity for change
  • Aligning competing stakeholders
  • Handling heritage and emerging technologies

14:20 - 14:40

► 6.4.3 & 11.6.1: The Script to Secure Your Browser Scripts

Alex Gardner, Senior Product Marketing Manager, HUMAN & Richard Fridge, Enterprise Sales, HUMAN

Learn how to achieve and maintain compliance with PCI DSS 4.0 requirements 6.4.3 (authorise, justify, and assure the integrity of each payment page script) and 11.6.1 (alert to unauthorised modification to HTTP Headers in the consumer browser) while benefitting from the value of browser scripts.

  • Understand the scope of requirements 6.4.3 and 11.6.1
  • See how businesses can comply with the new requirements while securely benefitting from browser scripts
  • Learn more about what to look for in a solution

14:40 - 15:00

► PCI DSS and Quality Third-Party Supplier Relationships

Peter O'Sullivan, Principal Information Security Consultant, Blackfoot Cybersecurity

Service Providers are significant within the payment ecosystem, and their relationship with Merchants is essential in the protection of cardholder data.

The session will examine:

  • Some of the common challenges and mistakes experienced by service providers and merchants from their respective sides.
  • PCI DSS v4.0, and real-life problems observed in the merchant/service provider relationship; where in a worst-case scenario, the Service Provider causes a Merchant to be non-compliant.

15:00 - 15:30

Networking Break

15:30 - 16:00

► Panel Discussion: PCI DSS as a Consequence of “Secure in Operation”: Striking the Balance: Compliance-Centric vs. Security-First Strategies

Simon Turner, Head of Security Governance and Compliance, BT Group (Moderator);
Gaynor Rich, Former Deputy CISO, BT Group;
Anil Kumar, Head of IT Security, Risk and Compliance, Homebase;
Ahmed Rahman, CISO - Compliance Manager, Direct Line Group;
Laura Morgans, Security Risk and Compliance Manager, Dr Martens, Airwair International Ltd

  • Do alternative strategies, particularly security-first approaches aligned with frameworks like CIS or NIST, hold the key to robust protection?
  • The practical implications of compliance-led security and alternative strategies, their alignment with business objectives, and ROI considerations.
  • The pivotal role of security leaders in addressing critical concerns.
  • A security-first strategy and the ability to comply with multiple compliance requirements such as PCI DSS.

16:00 - 16:30

► Bypassing Multi-Factor Authentication (MFA) via Phishing Techniques

Manit Sahib, Ethical Hacker & Dhruv Bisani, Head of Adversarial Attack Simulations, Starling Bank

  • Live Demonstration of MFA Bypass Attack
  • Countermeasures and Best Practices
  • Conclusion of Demo and Presentation

16:30

Conference Close

16:30 - 17:30

Drinks Reception & Networking

Education seminars

Back to the Future

Parminder Lall, CEO and Founder, 1 Cyber Valley

Examining how credit card habits have transformed over the past two decades, and how this has driven the adaptation of the PCI DSS standard.

  • What’s happened in the payments industry in the last twenty years?
  • PCI DSS v4.0 – The new normal!
  • Explaining the key changes with v4.0
  • The QSA’s take on the new v4.0
  • Predicting the future – Where is technology taking us in the next decade and how will PCI DSS adapt?

Securing your payment infrastructure and delivering PCI DSS compliance with the acceleration in AI driven services

Keith Harper, Pre-Sales Engineer, Sycurio

AI is changing the way organisations in every industry interact with customers and their data, particularly through its use in contact centres.

From providing quicker, smoother customer experiences, powering self-service, delivering secure billing and payment solutions and augmenting agents, to cutting down on fraud risks, AI is revolutionising contact centre operations.

As both customer and business needs evolve, the payments landscape, channels and services are expanding, necessitating heightened security and protection. Today, hosted AI services are making their way into the payment environment, introducing both opportunities and challenges.

Inevitably there are challenges arising from the intersection of AI and PCI DSS compliance. AI services accessing open data sources offer increased efficiency and convenience, but this raises the question: should we compromise on data security and privacy for the sake of convenience?

Striking the right balance is crucial… join our session and discover:

  • AI's impact on your business, your payment environment and how you can navigate the changing landscape
  • Creating a harmonious balance between efficiency, convenience, and PCI DSS compliance when embracing AI services in the evolving payment ecosystem
  • Weighing up the benefits of open data sources against the imperative of safeguarding sensitive information
  • Why AI services which are accessing, processing and storing data from diverse sources will create complexities and concerns around data security and achieving and maintaining PCI DSS compliance
  • How to secure multiple payment channels and ensure PCI DSS compliance with AI ‘blackbox’ service vendors?

PCI goals, timelines, myths: a QSA perspective

James Cullen, Principal Security Consultant, Lead QSA, SureCloud

A Qualified Security Assessor (QSA)’s view of where we are, what to expect and what to do over the next few months. This session will cover:

  • Council objectives for PCI DSS version 4
  • Timelines and how to prepare
  • Combatting myths about PCI DSS
  • The key requirements you need to know
  • How SureCloud can help

The Cloud: Why it’s the best place to achieve PCI DSS 4.0

Geoff Forsyth, CISO, PCI Pal

The updated PCI DSS v4.0 standard has changed the compliance landscape. In this session, Geoff Forsyth, CISO at PCI Pal, analyses how PCI DSS v4.0 affects achieving and maintaining compliance in the cloud, why the cloud is the best place to achieve PCI DSS v4.0, and how descoping your infrastructure from the requirements of PCI DSS is still one of the most effective ways to protect your customers’ data and your organisation’s reputation.

  • Learn what it takes to design and deliver a global cloud platform for achieving PCI DSS compliance
  • Learn how PCI DSS v4.0 affects achieving and maintaining compliance in the cloud
  • Hear advice and considerations for embarking on your own cloud journey in the era of 4.0
  • And a little bit about AI, as it’s so trendy right now!