PCI: Time to think bigger?

20th PCI London
23 January 2020, London, UK
 

Matching compliance to risks

Is GDPR driving budgets, processes and solutions in PCI DSS compliance?


The problem with many compliance regimes is that they effectively ignore the realities of risk. They assume that a particular risk must be 'solved', and then evolve a set of ever more complex rules to achieve this.

They tend not to seek to quantify the risk they are designed to mitigate, nor to place that risk in the context of a real-world business and all the other operational risks it faces, nor to think realistically about whether the costs of the regime itself are appropriate to how these risks manifest.

They also struggle with the idea of risk as a variable on a sliding scale, rather than as an absolute, and generally do a poor job of understanding whether the regime is executable by the types and number of staff available to do it.

All of these criticisms have, at one time or another, been levelled at the PCI DSS regime.

But the introduction of GDPR and a year's worth of enforcement action have given companies real risk management data on data security and privacy.

The level of GDPR fines, the amounts relative to the nature of the violations and to the sizes of the companies involved, provide management with the first real, public data needed to begin a proper risk modelling process. It allows them to look at expected losses, and therefore the budgets and organisational structures that are needed to manage data privacy and security across the business.

And this is raising significant new questions for compliance heads:

  • If violations of GDPR cost firms more than violations of the PCI DSS, what does that mean for budget allocation?
  • How should teams reflect the overlap between GDPR and PCI DSS compliance in terms of the activities and skillsets required?
  • Should PCI DSS compliance be completely outsourced, with those third party practitioners plugged into the GDPR or wider compliance team?
  • Does it still make sense to think about specific PCI DSS technologies and solutions, or are more generalised products available?
  • Will PCI DSS v4.0 alter the answers to some of these questions?


The 20th PCI London will look at the latest in the processes and technologies used to protect payment and personal data. There will be real-life case studies, strategic talks and technical break-out sessions from PCI DSS and compliance teams behind some of the world's most admired brands, who know, just like you, that payment security is now more important to business than ever.

View details of the 19th edition here

  • PCI DSS 4.0 - how to prepare

    • PCI DSS 4.0 promises a new risk-based approach to compliance, as opposed to the previous checklist of rules
    • What does this mean for the teams and individuals tasked with achieving and maintaining compliance?
    • Will yet more new investment be needed in order to keep up with the evolution of the regime?

  • Cutting the cost of compliance

    • Card data is just one subset of the data that needs to be protected, and most companies have limited resources that they can devote to this.
    • Can more widely-applicable solutions and strategies be used to reduce the cost and burden of PCI DSS compliance?
    • Can time-saving technologies such as automation help to lighten the load?

  • Building and managing compliance programmes

    • Staying on top of what you have and what you're doing
    • The technical side: data inventories, monitoring and recording systems and platforms are needed for comprehensive security and privacy management. What do you need and what's the best way to build it?
    • People and process: hiring, team structuring, allocation of responsibilities - what are the most effective ways to structure your compliance efforts?

  • New technologies, new threats?

    • How do you ensure new technologies are compliant?
    • The world of payments is in flux, and modern companies need to be able to cater to their customers' preferred methods.
    • Changes in how people pay mean the channels through which card data flows are changing too, making concerns such as API security increasingly relevant.
    • What is the impact of digital transformation and the payments revolution on existing PCI compliance strategies?

  • Aligning PCI DSS and GDPR efforts

    • Companies spent significantly on PCI DSS compliance, then poured even more resources into complying with GDPR.
    • After a year of GDPR, what lessons have been learned about integrating compliance efforts for more efficient spending?
    • What are the synergies between PCI and GDPR compliance? 

  • Cost-effective testing

    • "Security testing retains its traditional place at the bottom of the PCI DSS compliance list in terms of full compliance", according to the Verizon report.
    • Security testing is clearly a critical component of ensuring effectiveness and maintaining compliance - so why is it so low on the list?
    • What are the most effective (and cost-effective) ways to carry out meaningful testing? Should it be outsourced or is in-house the way to go?

Who attends

Job titles

PCI Security Manager
Group PCI Compliance Manager
Compliance Manager & Deputy CISO
Programme Manager PCI DDS EMEA
Head of Information Security & Business Continuity
Global PCI Lead
Group Information Security Manager
Group Risk & Compliance Manager
PCI Compliance Manager
Data Compliance Manager
Head of Third Party Assurance and PCI Compliance
Chief Security Officer (CSO)
IT Group Compliance Manager
Chief Information Security Officer (CISO)
Senior Security Architect
CISO
Senior Director of Compliance
Head of Risk and Compliance
I.T. Compliance Manager
Head of Information Security Compliance
Head of PCI
Head of Payments, Information Risk & Security
Payments Security Manager
PCI Programme Manager
Compliance manager
PCI Compliance Officer
GDPR Manager
Head of PCI
Senior PCI Compliance Manager
Head of Payment Security
Head of Payment Security & Governance
Senior PCI Compliance Manager
PCI Service Delivery Manager
ICT Audit & Compliance Officer
CISO
PCI DSS Project Manager
Senior Security Governance & Compliance Manager
Head of Payments
CSO
PCI Programme Manager
PCI Manager
PCI Project Manager
PCI DSS Compliance Manager
PCI DSS Compliance Manager
PCI DSS Programme Manager
Head of IT Security
CISO
PCI Lead/Architect
Head of Cyber Security
Senior Data Governance Manager
Payments PCI Programme Manager
Senior Manager, Payments Compliance, Risk & Regulatory
DPO
Senior Director, International Privacy & IT Security
Group Manager Security & Fraud - Information Risk
Group Data Protection Officer
Senior Manager, Card Payment Security Program
IT Compliance Manager
Data Governance Manager and DPO
Manager, Information Security Compliance - PCI
AR Manager - PCI Officer
Global Compliance Officer
Senior Payments Risk Manager
IT Security & Compliance Manager
Director, Global Information Security and Incident Response
Fraud and Payments Manager
Business Information Security Officer
Global PCI Compliance
Program Manager - Information Security and Payment Compliance
PCI Compliance & Risk Manager
Head of Compliance & MLRO
CISO
CISO
PCI - Business Lead & Technical Architect
Global Information Security Officer
Group Information Security Policy, Risk & Vendor Manager
Head of Payment Compliance
Head of Cyber & Information Security
Head of IT Security and Data Protection
Global PCI Compliance
Director Information Security and IT Compliance
Global PCI Lead
PCI Compliance Manager
Head of Privacy & Data Protection
PCI Compliance Manager
BISO
Senior Special Agent - Global Security
Head of Information Security
Head of Information Security
Global Information Security & PCI Compliance Manager
Head of IT Infrastructure
Director, Head of I.T. Security & Risk Management Systems
Chief Data Protection Officer
CTO
PCI Project Manager
GDPR Programme Manager
UK&IE Information Security and Data Privacy Manager
Senior Manager IT Security, Risk & Governance
PCI Assurance Manager
Group Data Protection Officer
Director of Cyber Security

Companies

Clarks
JD Sports
John Lewis Partnership
Saint-Gobain UK & Ireland
Stagecoach Rail
HM Revenue & Customs
Maersk
Nationwide Building Society
NEXT
Superdrug Stores
Transport for London
Ladbrokes Coral Group
Boden
PhotoBox
The Shaw Trust
AXA
Odeon Cinemas
ticketmaster
Lloyds Banking Group
BBC
Close Brothers Premium Finance
Just Eat
Dixons Carphone
Cancer Research UK
The Co-operative Group
Royal Bank of Scotland
The Go-Ahead Group
Bank of America Merrill Lynch
HMV
Santander
Vodafone
Capital One
Direct Line Group
Ikea Group
The Economist
Simplyhealth Group
Rugby Football Union
Sky Betting & Gaming
Lastminute .com
William Hill
Argos
LUSH
Comic Relief
Waterstones
Specsavers
Paddy Power Betfair
easyJet
Thames Water
BP
TalkTalk
British Airways
The Works Stores
Marks & Spencer
Hiscox
Sony
Allianz
Travis Perkins
Asda
Greggs
Marriott Hotels
Millennium Hotels & Resorts
Sainsbury's
ASOS.com
Admiral Group
DVLA
Waitrose
Camelot Group
TUI Group
Bupa Global
Burberry
Virgin Media
American International Group
Selfridges
Which?
Lycamobile
Royal Mail
National Trust
EE
Pearson
Carnival
Barclays
RSPB
JP Morgan Chase
Halfords
Travelodge
Cineworld
giffgaff
LV= Liverpool Victoria
British Heart Foundation
InterFlora
Metro Bank
The Caravan and Motorhome Club
Enterprise Holdings
Dermalogica
Ocado
Ann Summers
River Island
Barnardo's
Sky
Unilever
Addison Lee
Whitbread
Tesco
Addleshaw Goddard LLP
Arriva
RAC
Bet365
WH Smith
Debenhams

Industries

Retail
Travel/Leisure/Hospitality
Other Industry
Casinos/Gaming
Charity
Telecommunications
Construction
Food/Beverage/Tobacco
Media
Hardware
Water/Sewage
Food/Beverage/Tobacco
Electricity
Healthcare Services
Telecommunications
Telecommunications
Real Estate
Manufacturer
Regional Government
Telecommunications
Other Industry
Water/Sewage
Casinos/Gaming
Institute
Retail
Banking
Education
Construction
Electronic/Electrical Equipment
Automobiles/Parts
Real Estate
Education
Electricity
Retail
Retail
Healthcare Services
Media
Pharmaceuticals
Casinos/Gaming
Electricity
Automobiles/Parts
Regional Law Enforcement
Charity
Healthcare Services
Construction
Retail
Household/Personal Products
Charity
Oil/Gas
Education
Insurance
Water/Sewage
Transportation/Shipping
Real Estate
Electricity
Household/Personal Products
Transportation/Shipping
Automobiles/Parts
Central Government
Retail
Insurance
Legal
Food/Beverage/Tobacco
Household/Personal Products
Legal
Manufacturer
Banking
Construction
Banking
Retail
Banking
Institute
Regional Government
Charity
Casinos/Gaming
Oil/Gas
Insurance
Travel/Leisure/Hospitality
Electronic/Electrical Equipment
Retail
Travel/Leisure/Hospitality
Insurance
Retail
Construction
Construction
Accounting/Auditing
Oil/Gas
Association
Transportation/Shipping
Oil/Gas
Retail
Casinos/Gaming
Media
Association
Regional Law Enforcement
Media
Central Government
Real Estate
Construction
Travel/Leisure/Hospitality
Education
Media
Household/Personal Products
Legal
Charity
Retail
Pharmaceuticals
Food/Beverage/Tobacco
Other Industry


Venue

Park Plaza Victoria, London

vpp

Location:
Park Plaza Victoria
239 Vauxhall Bridge Road, London, UK, SW1V 1EQ
Telephone: 0844 415 6752
 

Directions:
Please click here