Agenda

08:00 - 08:50

Breakfast networking and registration 

08:50 - 09:00

Chairman's welcome

09:00 - 09:20

The latest in PCI DSS

Jeremy King, International Director Europe, PCI Security Standards Council

  • Unadulterated interpretation of the PCI DSS standard straight from the council
  • Highlighting the most pertinent changes since last year in PCI
  • What does this mean for industry?

09:20 - 09:40

► PCI: A means to an end, not an end in itself

Alan Jenkins, Head of Advisory Services, 2|SEC Consulting and David Froud, PCI Lead Consultant, 2|SEC Consulting

  • Compliance is not security, but a good compliance programme is an important foundation
  • How PCI DSS can be used to kick-start a wider security programme
  • Identifying and implementing the critical elements of PCI DSS

09:40 - 10:00

► Case Study: Global Retailer - from Card Data Breach to PCI Audit

David Matthews, Vice President EMEA, ColorTokens

A talk through how we helped a customer out of a messy situation.

  • Context and what did not work?
  • Risk Containment
  • Identifying & isolating PCI in scope infrastructure
  • PCI audit process - being ever ready

10:00 - 10:20

Executive Panel Discussion 

PCI within Compliance

Where does PCI DSS stand among the organisation's requirements, and what are the appropriate PCI resourcing priorities for the senior compliance function?

  • Adrian Beckham, Information Security Consultant, ASDA
  • Laura Morgans, Information Security, Risk & Compliance Manager, Which?
  • Dominic Paisley, Information Security Manager, London North Eastern Railway
  • Jon Townsend, CIO, National Trust

10:20 - 11:00

Education Seminar 1

Delegates will be able to choose from a range of topics:

  • Compliance in the Cloud – How PCI Pal met the compliance challenges of moving to the cloud, Geoff Forsyth, CISO, PCI Pal
  • Three Key Challenges to Being PCI 3.2 Compliant and How to Resolve Them, Paul “PJ” Norris, Senior Systems Engineer, Tripwire
  • Using Zero Trust to match PCI compliance to the true threatscape, Richard Kirk, Vice President EMEA, Illumio
  • Why digital Imaging is the next generation threat to PCI compliance, Dr Guy Bunker, Chief Technology Officer, Clearswift

11:00 - 11:30

Morning break and networking 

11:30 - 11:50

► Me and Mrs Jones: can RegTech solve the PCI DSS stalemate?

Neira Jones, Independent Advisor & International Speaker; Simon Brady, Managing Editor, AKJ Associates

  • Are the costs and complexity of the regulatory burden becoming unsustainable?
  • The state of play in compliance automation / RegTech
  • Can RegTech help boost PCI DSS compliance, make maintaining compliance easier and reduce the costs?

11:50 - 12:10

► Vendor Risk Management: Overcoming Today’s Most Common Security & Privacy Challenges

Efrain Castaneda, Global Privacy Researcher, OneTrust

  • Review the drivers and challenges organizations face when managing third-party vendor risk
  • Identify priorities before, during and after vendor procurement
  • Take away a six-step approach for automating the third-party vendor risk lifecycle
  • Hear real case studies from privacy experts on how to practically tackle the third-party vendor risk

12:10 - 12:30

► Quantifying the value of implementing PCI controls and measures

Simon Marvell, Partner, Acuity Risk Management

  • Prioritising remediation of non-compliances in financial terms
  • Cost benefit analysis on proposals for new security solutions
  • Reporting on compliance and security risks in business language

12:30 - 13:10

Education Seminar 2

Delegates will be able to choose from a range of topics:

  • Multifaceted Payments, Graham Thompson, VP Sales & Marketing, DataDivider
  • Privacy by Design & Default – “Integrating GDPR and other regulation”, Mark James, Compliance Principal and Allan Packer, Managing Director, Silver Lining Convergence
  • Using Aegis (Cyber Security Maturity Benchmarking) to address PCI DSS Assessment Issues, Chris Leppard, Managing Consultant, CNS Group
  • Back to Data Security Basics: What’s Getting Lost in All the Buzz, Colin Neale, Data Security Specialist and Russell McDermott, Solutions Engineer, Netwrix

13:10 - 14:10

Lunch and Networking 

14:10 - 14:40

Executive Panel Discussion 

PCI DSS under the microscope

Getting to grips with some of the most stubborn and difficult technical challenges of achieving and maintaining PCI DSS with PCI leaders from global brands.

  • Charles Husbands, Head of PCI, Vodafone
  • Simon Turner, PCI DSS Compliance Manager, BT
  • Branko Lolich, PCI Project Manager, King's College London
  • Nick Clansey, PCI and ISA, The Open University

14:40 - 15:00

► Mobile: Yes, it is another endpoint!

Ashish Patel, VP Sales UK & Northern Europe, Zimperium

  • Liberation at what price 
  • PCI requirements for Mobile 
  • Compliance without compromising privacy 

15:00 - 15:40

Education Seminar 3

Delegates will be able to choose from a range of topics:

  • Using Zero Trust to match PCI compliance to the true threatscape, Richard Kirk, Vice President EMEA, Illumio
  • The hidden depths of PCI DSS, Dave Burleigh, Principal Consultant – UK and Ireland Global Compliance and Risk Services, SecureTrust
  • Enabling Secure and PCI DSS Compliant Payments Across All Your Digital Channels, Ben Rafferty, Chief Innovation Officer, Semafone

15:40 - 16:00

Refreshments and Networking 

16:00 - 16:30

Executive Panel Discussion 

PCI resilience and optimum incident response

The reality is that it is impossible to rule out a breach, so having an airtight incident response plan is imperative. How do you stay ahead and limit the damage?

  • Yulia Nayda, Payments & Compliance Project Manager, Badoo
  • Nick Lambert, Communications Director, Thoburns
  • Oussama Louhaidia, Head of Information Security, Curve
  • Jon Townsend, CIO, National Trust

16:30 - 16:50

Outsourcing and Insourcing - Is it best to leave it to the pros?

Branko Lolich, PCI Project Manager, King's College London

  • The best way for merchants to outsource payment processing and payment card security
  • Covering your PCI responsibilities as a merchant to facilitate the best collaboration with outsourced security teams 
  • Using PCI DSS requirements as a baseline to protect GDPR sensitive personal data

16:50 - 17:00

► GDPR One year on

Simon Brady, Managing Editor, AKJ Associates

  • Enforcement – the real picture 
  • Costs versus benefits: is it worth it?
  • After the transition, what now?

17:00

Close of Conference 

17:00 - 18:00

Drinks Reception & Networking

Education seminars

Why digital Imaging is the next generation threat to PCI compliance

Dr Guy Bunker, Chief Technology Officer, Clearswift

Join us to discover why images are now one of the biggest unaddressed PCI compliance risks for financial organisations.

We often do not give images a second thought; they are in presentations and documents all the time. But in today’s world of digital collaboration, what sorts of risks can they pose?

  • Discover the next generation threats you need to be aware of
  • How to prevent digital images being the vector for APTs
  • Learn how to prevent unwanted data acquisition via digital images  

Using Aegis (Cyber Security Maturity Benchmarking) to address PCI DSS Assessment Issues

Chris Leppard, Managing Consultant, CNS Group

  • The issues faced with PCI – Risk assessments, tracking policy and compliance.
  • An overview of the Aegis Risk Management Platform – How organisations can understand their security posture and stance in granular detail
  • How the Aegis system can be used to provide a real in-depth view of the client environment – going beyond ‘tick box’ compliance
  • Examples of the scoring mechanism and reporting

Multifaceted Payments

Graham Thompson, VP Sales & Marketing, DataDivider

Businesses are expanding both the reach and the sophistication of their payments. Historically, a business operated payments for a single Merchant ID through a single payment processor across its bricks and mortar, online and MOTO channels. Today many businesses are extending the reach of payments into field operations and other uses of multi-device/mobile payments. Furthermore, businesses are interacting with multiple payment processors and across multiple merchant IDs within each processor. This, coupled with the advantages of operating through payment-processor-independent tokens, is increasing the sophistication of payments. This presentation addresses these requirements and how merchants can take advantage of a payment broker architecture that facilitates the operation of payments across all channels through multiple payment processors. The presentation will look at field operation payments and the additional challenges where mobile devices with card readers operate in a demanding physical environment, including how businesses can provide resilient payments in these environments and retain the ability to take payments despite equipment or networking failures.

Attendees to this presentation will gain from understanding:

  • How to expand the reach of payments within your business
  • The advantages of operating through multiple payment processors
  • Why businesses require multiple Merchant IDs for a payment processor
  • Advantages of payment processor independent tokens
  • How a payment broker architecture works and the advantages delivered by such a solution
  • Challenges of field operations payments and how to provide resilient payments within such environments

Using Zero Trust to match PCI compliance to the true threatscape

Richard Kirk, Vice President EMEA, Illumio

According to the 2018 Verizon Data Breach & Incident Report, there were 2,236 confirmed breaches in 2017. In many instances, these organisations had passed their PCI audits prior to the discovery of the breach.

During this presentation we will show how to effectively combine Zero Trust security with risk frameworks to align your PCI compliance with your true threat environment. More specifically we will cover:

  • The State of PCI Compliance and Breaches
  • Understanding your threat environment
  • How to disrupt lateral movement attacks
  • Segmentation with Illumio

Back to Data Security Basics: What’s Getting Lost in All the Buzz

Colin Neale, Data Security Specialist and Russell McDermott, Solutions Engineer, Netwrix

As data usage grows exponentially, many organisations are struggling with information security because they are short on time, money, staffing or all of the above.

At the same time, the buzz from vendors about the latest attack vectors makes data security appear more complicated than it needs to be. This never-ending pursuit of defense against the hottest threats leads organisations to neglect basic aspects of data security, such as realising that not all data requires the same level of protection.

In this session, we’ll explain how getting back to basics can strengthen security controls and reduce the risk of breaches.

Compliance in the Cloud – how PCI Pal met the compliance challenges of moving to the cloud

Geoff Forsyth, CISO, PCI Pal

The Cloud brings lots of advantages to businesses, but also lots of its own challenges.

Geoff Forsyth, CISO at PCI Pal, discusses designing and delivering a global cloud platform for achieving PCI DSS compliance, with a focus on the compliance aspects of the build and considerations for companies when embarking on their own cloud journey.

What attendees will learn:

  • How automation of cloud deployments can simplify compliance testing
  • How SMEs can piggyback on the security power of cloud platforms built to keep the likes of Netflix, Microsoft, Facebook and GSK secure

Privacy by Design & Default – “Integrating GDPR and other regulation”

Mark James, Compliance Principal & Allan Packer, Managing Director, Silver Lining Convergence

“Privacy by Design” and “Privacy by Default” are frequently discussed topics in data protection. The Information Commissioner’s Office reminds us that “The GDPR requires us to put in place appropriate technical and organisational measures to implement the data protection principles and safeguard individual rights”.

But what does the term “Privacy by Design” mean practically? Is it more than data protection through technology design?

Our educational seminar will cover:

  • What the ICO says – Accountability & Privacy by default
  • The ethical & customer experience of AI so agents ‘DO have to’  
  • Considering the evolving landscape of regulation / technology
  • Developing a culture of compliance without risk  

The hidden depths of PCI DSS

Dave Burleigh, Principal Consultant – UK and Ireland Global Compliance and Risk Services, SecureTrust

There is a lot more to securing your customers’ cardholder data than just PCI, not least the provisions of the Data Protection Act (DPA) 2018. In this seminar, we will take a deep dive into the following:

  • “Should we be doing more?” – what additional precautions are critical?
  • Securing a modern, multi-faceted, E-Commerce programme
  • The hidden exposures it’s easy to miss

Enabling Secure and PCI DSS Compliant Payments Across All Your Digital Channels

Ben Rafferty, Chief Innovation Officer, Semafone

Customers now want to engage with merchants across multiple digital engagement channels, such as webchat, IM & social media, email and more. For a superior customer experience, organisations should be able to communicate with customers in their channel of choice, without diverting them to alternative channels for payment. The challenge for organisations is to create a seamless and frictionless customer experience across all channels, while keeping secure and PCI DSS compliant.

Join us to learn more, and explore how to:

  • Take advantage of digital channels to enhance your omnichannel strategy while increasing revenue and customer loyalty.
  • Keep these channels secure and embrace Big Data, AI and Machine Learning technologies without compromising security or PCI DSS compliance.
  • Avoid complicated e-commerce platforms, costly hardware or closed payment ecosystems, while simplifying your audit process and managing risk.

Three Key Challenges to Being PCI 3.2 Compliant and How to Resolve Them

Paul “PJ” Norris, Senior Systems Engineer, Tripwire

Despite the benefits, compliance with PCI 3.2 is not without its challenges. The session will show why, rather than treating PCI compliance as a point-in-time exercise, organisations should adopt continuous compliance, leveraging PCI not just for compliance purposes but as a means of improving security posture. This session will consider three key challenges:

  • Tedious Audits
  • Configuration Drift
  • Technical Skills Gap