Agenda

► PCI Security Standards : The latest developments in the payment space

Jeremy King, VP, Regional Head for Europe, PCI Security Standards Council

• Version 4.0 transition timeline
• Moving successfully to PCI DSS 4.0 
• Steps to take in the next 6-9 months

► Navigating compliance in an eComm world — You think you have outsourced BUT have you?

Candice Pressinger, Director of Customer Data Security, Elavon

• Merchants are getting further away from the payment but are still the merchant on record
• False sense of security
• Questions to ask 
• What evidence do you need?
• SPs 12.8 and 1.9.2/PCI V4.0
• It’s not enough to ask in an RFP.. are you compliant?

► PCI DSS-as-a-Consequence of “Secure in Operation": Striking the Balance: Compliance-Centric vs. Security-First Strategies 

Simon Turner, Head of Security Governance and Compliance at BT Group, BT Group

• Do alternative strategies, particularly security-first approaches aligned with frameworks like CIS or NIST hold the key to robust protection? 
•  The practical implications of compliance-led security, alternative strategies, the alignment with business objectives, ROI considerations,  
• The pivotal role of security leaders in addressing critical concerns.
•  Security-first strategy and the ability to comply with the multiple compliance requirements such as PCI DSS.

► Bypassing Multi-Factor Authentication (MFA) via Phishing Techniques

Manit Sahib, Ethical Hacker & Dhruv Bisani, Head of Adversarial Attack Simulations, Starling Bank

• Live Demonstration of MFA Bypass Attack
• Countermeasures and Best Practices
• Conclusion of Demo and Presentation

► Case Study: From Zero to Hero, implementing a compliance framework for ISO27001, PCI DSS, SOC 2 Type 2 and Cyber Essentials Plus at a tech unicorn

Nicholas Howard, Director of Information Security, Reward Gateway

• Journey from ISO to PCI to SOC 2 to CE+
• Using automation to streamline the ongoing monitoring, assessment and audit processes
• Lessons learnt along the way