Agenda
08:00 - 08:50 | Breakfast Networking Break
08:50 - 09:00 | Chair's Welcome
09:00 - 09:20 | Update from the PCI Security Standards Council: Preparing for 31st March 2025 | Jeremy King, VP, Regional Head for Europe, PCI Security Standards Council
09:20 - 09:40 | Overcoming Operational Challenges Implementing PCI DSS Requirements 6.4.3 and 11.6.1 | John Elliott, Security Advisor, Jscrambler
09:40 - 10:00 | PCI Compliance-as-a-Service: Simplifying the Path to Compliance | Martin Petrov, CTO, Integrity360
10:00 - 10:20 | PCI DSS & Internal Security Standards - Managing the Alignments & Conflict | Katie Cowman, Senior PCI Assurance Manager, Barclaycard
10:20 - 11:00 | Education Seminar 1 | Delegates will be able to choose from the education seminars listed below
11:00 - 11:30 | Networking Break
11:30 - 11:50 | Mastering PCI Evidence Collection: Simplify, Automate, Succeed | Natasha Harries Roebuck, PCI Compliance Specialist, Sky UK
11:50 - 12:10 | Countdown to Compliance: Misconceptions and Action Plans for 6.4.3 and 11.6.1 - Human Security | Mark Phillips, VP, Sales and Solutions Engineering EMEA, Human Security; Richard Fridge, Director, Enterprise Sales EMEA, Human Security
12:10 - 12:30 | Fireside chat: Demystifying PCI Audits: Insights for Seamless Compliance | Kevin Burns, PCI Compliance Lead, NMI
12:30 - 13:10 | Education Seminar 2 | Delegates will be able to choose from the education seminars listed below
13:10 - 14:10 | Lunch & Networking Break
14:10 - 14:30 | The Legal and Contractual Side of PCI DSS: What Every Business Needs to Know | Dr Sam De Silva, Partner & Global Co-Head of Commercial Practice Group, CMS
14:30 - 14:50 | Mastering PCI DSS compliance in a world of unstructured data | Stephen Cavey, Co-Founder and Chief Evangelist, Ground Labs
14:50 - 15:10 | From Stress to Success: How Continuous Compliance Simplifies PCI DSS | Peter O’Sullivan, Principal Information Security Consultant, Blackfoot Cybersecurity
15:10 - 15:50 | Education Seminar 3 | Delegates will be able to choose from the education seminars listed below
15:50 - 16:10 | Networking Break
16:10 - 16:30 | Securing Payment Pages: Navigating PCI DSS v4 Requirements for Browser-Loaded Scripts | Graham Dawson, Cyber Security Architect, Naked Wines
16:30 - 17:00 | PCI Compliance: Breaking Barriers and Shaping the Future | Simon Brady, Event Chairman, AKJ Associates (Moderator)
17:00 - 18:00 | Drinks Reception & Networking
Education seminars
This session has a bit of scope creep - much like your last PCI audit! You’re getting two topics for the price of one today: how to align PCI compliance with other frameworks and tackle PCI in serverless and cloud-native environments.
Sam Greaves, Senior Consultant, CSA Cyber
Most large organisations requiring PCI compliance also adhere to other standards, such as ISO 27001 or SOC 2. Traditionally, audits for each framework are conducted separately, making them time-consuming and resource-intensive. By mapping controls across standards and conducting combined audits, organisations can streamline evidence collection and reduce effort. At the same time, modern serverless and cloud-native environments introduce unique challenges, such as shared responsibility models and the inability to apply traditional security controls – all whilst offering significant benefits like scalability and efficiency.
Join Sam as he explores the future of PCI compliance in a serverless world and how to navigate these emerging opportunities.
Attendees will learn:
- Framework Alignment: Map controls across PCI DSS, ISO 27001, SOC 2, etc. to minimise duplication and streamline compliance.
- Unified Audits: Consolidate audits across multiple frameworks to save time, effort, and costs.
- Cloud Native Challenges: Address complexities in serverless and containerised environments.
- Compensating Controls: Replace traditional methods like FIM with modern approaches such as logging, runtime security, and immutable infrastructure.
MythBusters.
Parminder Lall, CEO and Founder, 1 Cyber Valley
Following on from the success of last year’s “Back To The Future” presentation at PCI London, this year we bring you “MythBusters: Who You’re Gonna Call?”. In an ever-evolving security landscape, and with numerous interpretations and opinions about the PCI DSS framework, organisations can often misunderstand their responsibilities or fail to comply fully. We need to identify ‘Misconception v Reality’.
Attendees will learn:
- Will all QSAs maintain the same perspective?
- Does reliance on outsourcing to third-party providers eliminate your compliance responsibilities?
- Are you protected by treating PCI DSS as a one-time effort?
- If you don’t store cardholder data, do you still need to comply?
Navigating SSL and Email PCI-DSS Compliance with Red Sift
Billy McDiarmid, Director of Solutions Engineering, Red Sift
- Understanding PCI DSS Compliance: Explore the latest updates to PCI DSS requirements and their implications for organizations.
- Certificates: Learn how compliance standards have evolved and the role of certificates in meeting these mandates.
- Email Security as a Key Compliance Driver: Learn how securing your email domain with solutions like DMARC, SPF, and DKIM contributes to PCI DSS compliance by protecting cardholder data from phishing and spoofing attacks.
- Data Protection: Discover how the Red Sift solution monitors and secures sensitive information across your digital footprint, supporting critical compliance mandates.
- Streamlining Compliance Efforts: See how automation and actionable insights from Red Sift simplify achieving and maintaining PCI DSS compliance.
Contact Centre 101: Back to Basics
Geoff Forsyth, CISO, PCI Pal
A look at how PCI impacts MOTO payments as we dive deeper into issues with SAD storage, and explore scope reduction techniques such as IVR, DTMF masking, speech recognition and digital payments.
Don’t Let Your Security Fall Apart: PCI DSS, Third-Party Software, and the Tetris Effect!
Nadav Shatz, Customer Solutions and Advisory Director, Orange Cyberdefense
- Third-party security risks are one of the top threats to organisations. Within this, the risk posed by third-party software is constantly on the rise as a major emerging threat, especially for organisations that develop and offer payment solutions.
- Now more than ever, the PCI DSS places an unprecedented focus on securing both custom and third-party software, including new, future-dated requirements set to come into effect early next year as part of PCI DSS v4.0.1. We will show:
- A real-life demonstration of a customer case, in which a third-party software vulnerability was exploited not only to gain control of account data but also to turn a POS terminal into a music player!
- Suggested solutions for properly addressing this threat, securing payment environments and ensuring compliance with the relevant requirements of PCI DSS v4.0.1.
PCI DSS 4.0 Compliance Made Easy with Thales
Ketan Pyne, Pre-Sales Team for UK&I, Thales Group
Matthew Santos, Thales Group
- Drawing on decades of experience helping banks and financial institutions comply with industry mandates, Thales offers integrated products and services that enable your organisation to protect stored cardholder data, encrypt it for transfer, restrict access on a need-to-know basis and protect applications managing payment transactions.
- Working with Thales can reduce the scope of your PCI DSS compliance burden.
Scope Smarter, Not Harder, by Debunking Common PCI Myths That Derail Merchants
Peter Lane, Managing Cyber Security Consultant, Cyro Cyber
You know the drill. PCI requirements are notoriously complex, scoping gets messy, and the plethora of guidance out there often raises more questions than answers!
With tight deadlines and limited resources, most merchants don’t have the bandwidth to master the intricacies that QSAs live and breathe. The result? The same scoping mistakes and misconceptions continue to derail compliance efforts and stunt business growth. But with the right strategies, you can avoid these pitfalls.
Join Peter Lane, PCI DSS QSA and seasoned security expert, for a solution-focused session that tackles common PCI problems head-on. With 17+ years’ experience helping businesses from SMBs to enterprises, Peter will demystify the PCI essentials that impact your ability to meet the various demands. He will cover everything from why scoping matters more than you think, to the real-world implications of which technology or service providers you use, and how to avoid unnecessary reporting challenges so that compliance is simpler and security is stronger.
By the end of the session, you’ll be able to:
• Understand the most common PCI scoping mistakes that derail compliance and growth.
• Identify the impact of technology and service providers on your scope and audit requirements.
• Develop your ability to understand the intent of the requirements and know where to find the best advice.
• Refine your PCI strategy and strengthen your security posture.
Future of PCI ComplAInce
Kris Olejniczak, CEO, Patronusec
Artificial Intelligence is transforming the landscape of payments security. This includes the growing use of AI-driven tools that simplify compliance management, reduce operational complexity, and lower costs. However, the same advancements empower fraudsters and hackers, reshaping attack vectors and the overall threat landscape in payments security. AI is also redefining the role of QSA companies, enabling them to deliver assessments with greater focus on broader and more complex elements of compliance. Furthermore, as organisations increasingly explore processing cardholder data within AI and LLM-powered systems, the boundaries of PCI DSS scope are evolving, presenting new challenges and considerations.
Attendees will learn:
- The shifting threat landscape as fraudsters leverage AI tools to enhance their capabilities.
- How organisations are utilising AI to streamline and enhance internal compliance processes.
- The evolving role of QSA companies in delivering more impactful and focused assessments.
- Key considerations for building AI-powered systems and specialised LLM models that process cardholder data while remaining PCI DSS compliant.
- Discussion of the above through real-world experience and case studies.