Agenda

Presentations already confirmed include:


►Update from the PCI Security Standards Council: Preparing for 31st March 2025 

Jeremy King, VP, Regional Head for Europe, PCI Security Standards Council

  • What does this mean?
  • What are the new requirements?
  • How will this affect your organization?
  • What other standards are changing in 2025? And how can you be involved?

►Harnessing AI and Automation: Shaping the Future of Compliance 

Simon Turner, Head of Security Governance and Compliance, BT Group

  • How does AI enable real-time compliance monitoring for continuous regulatory adherence?
  • Enhancing Risk Management with AI-Driven Assurance
  • Improving efficiency and accuracy in compliance processes with AI-driven automation
  • How AI strengthens data security to meet standards like PCI DSS and GDPR


►Driving a Culture of InfoSec Excellence: How a Thriving Fintech Built Security into Its DNA

Jo Vane, InfoSec Compliance Director, Checkout.com

  • The Pitfall of Compliance Alone
  • Compliance ≠ Security: going beyond the basics.
  • Raising the Bar: InfoSec Excellence Defined
  • Core Principles for Sustainable Security
  • Leadership’s Role in Building Security DNA
  • Achieving InfoSec excellence reduces risk, enhances brand trust, and strengthens market positioning

►Securing Payment Pages: Navigating PCI DSS v4 Requirements for Browser-Loaded Scripts

Graham Dawson, Cyber Security Architect, Naked Wines

  • Understanding the Invisible Risk: How scripts and tags on your payment pages impact security and compliance.
  • Building Robust Controls: Implementing practical controls to mitigate risks and meet PCI DSS v4 standards effectively.
  • Managing Scripts with Reflectiz: Exploring a cutting-edge tool to monitor, control, and secure browser-loaded scripts in real time.
  • The Road Ahead: What the future holds for compliance and innovation.

►Mastering PCI Evidence Collection: Simplify, Automate, Succeed 

Natasha Harries Roebuck, PCI Compliance Specialist, Sky UK

  • Practical strategies to make PCI evidence gathering less burdensome and more efficient
  • Automation for year-round readiness
  • Tips to transform the annual assessment from a scramble to a seamless process

►PCI DSS & Internal Security Standards - Managing the Alignments & Conflict

Katie Cowman, Senior PCI Assurance Manager, Barclaycard

  • Tailoring organizational policies to meet unique security needs.
  • Bridging PCI DSS compliance with internal security objectives.
  • Mitigating overlaps and contradictions between external mandates and internal protocols.

►PCI Compliance: Breaking Barriers and Shaping the Future 

Kevin Burns, PCI Compliance Lead, NMI (Moderator) 
Adam Way, GRC Manager, News Corp

  • How can organizations balance evolving PCI standards with effective vendor management?
  • Is AI an enabler or a risk for PCI compliance, and how can it be used responsibly?
  • What are the biggest challenges in standardizing PCI contractual obligations?
  • Is scope reduction still effective, or are there better strategies for managing PCI compliance?
  • How can we better communicate the business value of PCI compliance?

►Mastering PCI DSS compliance in a world of unstructured data 

Stephen Cavey, Co-Founder and Chief Evangelist, Ground Labs

  • In today's data-driven world, businesses are generating and ingesting more data than ever before, with up to 90% being unstructured. Ensuring PCI DSS compliance within these vast stores of unstructured data is a critical challenge, as organizations often lack the capability to identify and manage cardholder data (CHD) outside their defined cardholder data environment (CDE).
  • Learn what unstructured data is and the risks it presents for security and compliance.
  • Understand the complexities of ensuring PCI DSS compliance when dealing with unstructured data.
  • Discover how data discovery tools and techniques can help identify and manage unknown, unexpected and unstructured data.
  • Explore how evidence-based data discovery can help effectively manage unstructured data and its importance as we look to the future of AI/ML and ever-increasing data growth

►From Stress to Success: How Continuous Compliance Simplifies PCI DSS

Peter O’Sullivan, Principal Information Security Consultant, Blackfoot Cybersecurity

  • Understand the challenges of maintaining PCI DSS compliance between assessments.
  • Discover how shifting to a continuous compliance approach reduces stress and workload spikes.
  • Explore practical strategies for integrating compliance into daily operations.
  • Learn how to avoid non-compliance by anticipating lapses and overcoming them proactively.

Education seminars


This session has a bit of scope creep - much like your last PCI audit! You’re getting two topics for the price of one today: how to align PCI compliance with other frameworks and tackle PCI in serverless and cloud-native environments.


Sam Greaves, Senior Consultant, CSA Cyber

Most large organisations requiring PCI compliance also adhere to other standards, such as ISO 27001 or SOC 2. Traditionally, audits for each framework are conducted separately, making them time-consuming and resource-intensive. By mapping controls across standards and conducting combined audits, organisations can streamline evidence collection and reduce effort. At the same time, modern serverless and cloud-native environments introduce unique challenges, such as shared responsibility models and the inability to apply traditional security controls – all whilst offering significant benefits like scalability and efficiency.

Join Sam as he explores the future of PCI compliance in a serverless world and how to navigate these emerging opportunities.

Attendees will learn:

  • Framework Alignment: Map controls across PCI DSS, ISO 27001, and SOC 2 etc., to minimise duplication and streamline compliance.
  • Unified Audits: Consolidate audits across multiple frameworks to save time, effort, and costs.
  • Cloud Native Challenges: Address complexities in serverless and containerised environments.
  • Compensating Controls: Replace traditional methods like FIM with modern approaches such as logging, runtime security, and immutable infrastructure.

MythBusters.


Parminder Lall, CEO and Founder, 1 Cyber Valley    

Following on from last year’s successful “Back To The Future” presentation at PCI London, this year we bring you “MythBusters: Who You’re Gonna Call?”. In an ever-evolving security landscape, and with numerous interpretations and opinions about the PCI DSS framework, organisations can often misunderstand their responsibilities or fail to comply fully. We need to identify ‘Misconception v Reality’.

Attendees will learn:

  • Will all QSAs maintain the same perspective?
  • Does reliance on outsourcing to third-party providers eliminate your compliance responsibilities?
  • Are you protected by treating PCI DSS as a one-time effort?
  • If you don’t store cardholder data, do you not need to comply?

Navigating SSL and Email PCI-DSS Compliance with Red Sift


Billy McDiarmid, Director of Solutions Engineering, Red Sift

  • Understanding PCI DSS Compliance: Explore the latest updates to PCI DSS requirements and their implications for organizations.
  • Certificates: Learn how compliance standards have evolved and the role of certificates in meeting these mandates.
  • Email Security as a Key Compliance Driver: Learn how securing your email domain with solutions like DMARC, SPF, and DKIM contributes to PCI DSS compliance by protecting cardholder data from phishing and spoofing attacks.
  • Data Protection: Discover how the Red Sift solution monitors and secures sensitive information across your digital footprint, supporting critical compliance mandates.
  • Streamlining Compliance Efforts: See how automation and actionable insights from Red Sift simplify achieving and maintaining PCI DSS compliance.



The Future of Payment Security: Trends to Watch in 2025 and Beyond


Geoff Forsyth, CISO, PCI Pal

The payment landscape continues to undergo rapid transformation, driven by evolving technologies, regulatory changes, and shifting consumer expectations. This session examines some of the key developments redefining how businesses approach payment security and compliance. 

Attendees will learn:

  • Gain practical insights into balancing innovation with risk management, ensuring compliance in a dynamic regulatory environment, and building trust through secure and seamless payment experiences. 
  • Prepare your organization to thrive in the future of payments by understanding the trends shaping 2025 and beyond.

Don’t Let Your Security Fall Apart: PCI DSS, Third-Party Software, and the Tetris Effect!


Nadav Shatz, Cyber Security and Technology Executive, Orange Cyberdefense

  • Third-party security risks are one of the top threats to organisations. Within this, the risk posed by third-party software is constantly on the rise as a major emerging threat, especially for organisations that develop and offer payment solutions.
  • Now more than ever, the PCI DSS places an unprecedented focus on securing both custom and third-party software, including new, future-dated requirements set to come into effect early next year as part of PCI DSS v4.0.1. We will show:
  • A real-life demonstration of a customer case, exploiting a third-party software vulnerability to not only gain control of Account Data but also to turn a POS terminal into a music player!
  • Explore and suggest solutions for properly addressing this threat, to secure payment environments and ensure compliance with the relevant requirements of PCI DSS v4.0.1.

PCI DSS 4.0 Compliance Made Easy with Thales


Ketan Pyne, Pre-Sales Team for UK&I, Thales Group
Matthew Santos, Thales Group 

  • Drawing on decades of experience helping banks and financial institutions comply with industry mandates, Thales offers integrated products and services that enable your organisation to protect stored cardholder data, encrypt it for transfer, restrict access on a need-to-know basis and protect applications managing payment transactions. 
  • Working with Thales can reduce the scope of your PCI DSS compliance burden.