Strategic SponsorsBlackfoot UK is an information risk, security and compliance specialist. We help our customers to protect their information and data, but ultimately their brands, reputations and financial health. Whilst our customers come from different industry sectors (retail, insurance, financial services), 80 per cent of our business is from personal referrals. Why is this?
- We are specialists at what we do
- We provide honest, independent advice in plain English
- We have a no-nonsense approach to consultancy
WE ARE YOUR BEST DEFENCE AGAINST CYBER THREATS. WE ARE BULLETPROOF.
Bulletproof’s innovative cyber security services are the best way to stay ahead of the hackers, take control of your infrastructure and protect your critical business data.
Bulletproof’s core belief is driving innovation through our range of cyber security products to deliver true value to the UK market and beyond. For example, we’ve extensively developed our own SIEM platform with integrated threat intelligence and machine learning. And then there’s our certified ASV scanning engines and handy compliance portals.
One of the major factors of our success is our 24/7 UK Security Operations Centre (SOC). This in-house facility is the heart of our cyber operations, being home to both the technical delivery teams as well as a base for our compliance and training operations.
Whatever industry you’re in, we have the cyber security service you need to stay secure, including:
- PCI DSS compliant hosting
- PCI DSS consultancy
- Penetration testing (infrastructure/network, mobile & web app)
- Social engineering and red team
- Managed threat protection (SIEM)
- VA and PCI ASV scans
- GDPR and DPO services
- Incident response and digital forensics
- Virtual Security Manager/vCISO
- And more
THE BUNKER AND ARCTURUS: PART OF THE CYBERFORT GROUP
Your PCI compliance partners of choice
The Bunker and Arcturus provide an end to end suite of secure services to assist you with your PCI DSS compliance.
Our secure solutions are provided to you from the UK’s most secure data centres and include:
- PCI complaint cloud and dedicated hosting services
- Secure colocation complying to points 9 and 12 of the PCI Standard
- PCI DSS Penetration testing and vulnerability scanning
- SOC and SIEM services
- PCI Consultancy
- Compliance Management
Our secure services come with compliance guaranteed, offering peace of mind and creating a smooth testing and auditing process. We ensure compliance is always front-of-mind, and our bespoke solutions are designed around the industry standards that affect your business. On top of this technical offering, our expert consultants can also provide advice and support to navigate you through any regulatory requirements.
We are accredited to the highest levels and are familiar with even the strictest compliance frameworks. Whether you’re preparing for GDPR or struggle with PCI DSS audits, we make achieving compliance simple.
- We are 1 of 4 Managed Service Hosting Providers on the VISA Merchant List
- Our services cover all 12 requirements of the PCI DSS framework
- CREST Accredited Penetration Testing Services
- ISO27001 Accredited data centres
- Dedicated TOMs needed to meet compliance
- 10 years + technical experience in PCI DSS compliance
- GDPR Ready
Depending upon what you are wanting to achieve, we can simply build and test an environment aligned to PCI DSS or we can handle the full end-to-end process to ensure that you gain your PCI DSS certification.
We’re your security experts, your data centre and your first line of defence.
For further information please contact or visit us on:
Education Seminar Sponsors
Data Protection People (DPP) are a UK-based information security and data protection consultancy.
DPP maintains a dedicated QSA Practice, that sits within our PCI and information security division. Our QSA Practice is engaged by retail brands, payment service providers, and multinational organisations (including commercial and domestic energy), to provide experienced Quality Security Assessors that understand complex technical environments. Our QSA team has a thorough technical grounding, and vast operational experience with modern technologies, including complicated virtualised environments. Our information security team hold industry qualifications such as CESG Certified Professional, Certified Information Systems Auditor, ISO 27001 Lead Auditor, and Certified Information Systems Security Professional.
DPP’s data protection team has a strong academic grounding, with team members holding post-graduate and professional qualifications in the field of information rights law and data protection practice.
By building on our experience and listening to the day-to-day challenges of our clients, we aim to deliver world class data protection and security services that enable organisations to build a compliance programme that protects market value and provides an edge on their competition.
DPP offer the following suite of services:-
- GDPR Gap Analysis – analyse and identify your organisation’s data protection posture and highlight any gaps
- Deep Dive Consultancy – focused investigation of any data protection issue
- Managed Services – tailored services specific to your organisation's requirements driven through a dedicated support desk function
- Outsourced Data Protection Officer – experience Data Protection Officers acting on your behalf
- PCI DSS Compliance – scope identification, gap analysis, remediation, and formal QSA services
- ISO 27001 Services – gap analysis, implementation support, and audit services
- NIS Regulations Compliance – expert advice on the NIS Cyber Assessment Framework
- Threat Assessment – cyber and physical threat modelling, provided by CESG Certified Professionals
- Incident Response – on-site security incident and regulator audit support
- Penetration Testing – internal and external penetration testing, from CREST Registered Consultants
- DataWise – manage your data protection and security compliance from a single dashboard
Have you deployed ‘Pause and Resume’ for your contact centre or are you just about to tackle phone payments? If so, discover how DataDivider can simply take out your agent desktops, network and back-end systems from PCI scope whilst your agents continue to listen to and enter cardholder data. Reduce you BAU costs or implement a call centre PCI de-scope strategy for the fraction of the cost of complex DTMF tone masking solutions. Sound impossible? Find out how by visiting DataDivider’s booth or attending our education session “Leveraging your PCI DSS investment for GDPR ”. In the past decade PCI forensic audits have only discovered a handful of telephony infrastructure related breaches so focus your risk based approach to where the real exposure lies.
Eckoh is a global provider of PCI DSS compliant Secure Payment and Customer Engagement solutions via its Eckoh Experience Portal. We also offer Third Party contact centre support and Unified Agent Desktop solutions. We’ve an international client base UK and US offices.
Secure Payment Solutions
Our solutions, which can be hosted in the cloud or deployed on the client’s site, removes sensitive personal and payment data from contact centres and IT environments. This offers merchants a simple and effective way to reduce the risk of fraud, secure sensitive data and become compliant with the Payment Card Industry Data Security Standards (“PCI DSS”) and can help towards GDPR.
- CallGuard – Agent-Assisted payments
- EckohPAY – Self-Service automated payments
- Apple Pay, Google Pay, Paypal, Pay by Bank
- ChatGuard – web chat payment.
We're experts in our field, transforming contact centre operations by delivering a better customer experience across every channel, boosting agent productivity, reducing operations costs and maximising payment security. With over 20 years’ of award-winning experience in contact centre solutions, our team has seen every leap in technology — and always managed to stay ahead of the curve. Our approach focuses on our clients’ business goals so once we deploy a solution we work with you as a partner, not just a supplier.
- 2018 & 2017 Winner PCI Excellence Awards
- World’s first secure payment solution via web chat
- World’s first secure payment solution for Apple Pay over the telephone
- Payment Innovation awards for Web Chat Pay and Apple Pay via Phone
- Level One PCI DSS Service Provider since 2010
- Patents for CallGuard in the UK and USA
- We process over £1.5 billion in card payments annually
Our mission is to help companies discover cardholder and sensitive personal data on their computer systems. Our software helps companies to prevent hacks and security breaches that result in the theft of employee and customer information.
Our software is being trusted by over 2,500 companies across 80 countries. By securing their data with our products it helps companies comply with important information security standards such as the Payment Card Industry Data Security Standard (PCI DSS) and the General Data Protection Regulation (GDPR).
At Ground Labs we are committed to continually maintaining high levels of customer satisfaction, we provide solution-oriented technical support 24 hours a day Monday – Friday.
If you would like a free trial of our software please visit www.groundlabs.com
Our enterprise-ready software is the complete solution for the identification, remediation and monitoring of sensitive personal data across your entire network. We find more data types and support more platforms than anyone else. Using in-built scheduling and real-time alert features, keeping your data secure will become just another one of your company’s Business-As-Usual practices.
Search all the major locations personal data might be stored including, databases, documents, emails, deleted files, memory, disks, shadow files, cloud storage, servers and more.
Find over 200 personal identifiable data types including 95 relevant to The General Data Protection Regulation (GDPR). Identifies stored bank account numbers, SWIFT Codes, IBAN. Over 50 types of National ID supported across 28 EU countries.
Support 7 different platforms - Windows, Mac, Linux, Solaris, FreeBSD, HPUX, and IBM AIX. In addition to this, we also support EBCDIC mainframe storage formats.
Remediate We help you take action to secure the information found. Our remediation process includes permanently deleting the data so it's unrecoverable, safely relocating the information to a secure location of your choice or modifying the data so that anything sensitive is removed without impacting the surrounding data.
Monitor through powerful reporting, quickly sees where the sensitive data is stored and what departments or teams have access to it.
Don’t let hackers turn your company into the next headline.
Discover your sensitive data today.
For further information please contact or visit us on:
T: +44 203 137 9898
PCI Pal is a suite of solutions designed to help run your customer contact operations in adherence with the Payment Card Industry Data Security Standard (PCI DSS). PCI Pal solutions have been developed for the contact centre market by a team of contact centre specialists. When it comes to PCI compliance, PCI Pal are pioneers in the customer contact space.
We have a long history of agent assisted and fully automated contact centre payment solutions. From our own experience we know how difficult and costly adhering to PCI compliance can be. Our aim is to make it as easy as possible for you to become compliant for all of your payment needs.
PCI compliance for any contact centre is a challenge, whether you have 20 staff or 2,000. We have developed a pragmatic approach to compliance which marries risk reduction with operational efficiency. As contact centre people, we believe strongly that the operational running of the contact centre must, above all else, be the priority. PCI compliance should be achieved to benefit operations using a risk reduction and cost model quantifiable to payments, which are ultimately what PCI compliance is there to protect.
We are able to integrate our truly cloud based offerings through a variety of methods making the transition to compliant payments simple and low risk. We cover a broad range of PCI environments with solutions across agent-assisted payments, automated payments, live agent outsourcing, call recording, and legacy data cleansing and protection.
Website: www.pcipal.com Call: +44 207 030 3770 (UK) +1 866 645 2903 (US)
SureCloud is a provider of cloud-based, integrated Risk Management products and Cybersecurity services, which reinvent the way you manage risk.
SureCloud connects the dots with integrated Risk Management solutions enabling you to make better decisions and achieve your desired business outcomes. SureCloud is underpinned by a highly configurable technology platform, which is simple, intuitive and flexible. Unlike other GRC Platform providers, SureCloud is adaptable enough to fit your current business processes without forcing you to make concessions during implementation; meaning you get immediate and sustained value from the outset.
SureCloud also offers a wide range of Cybersecurity testing and assurance services, where we stay with you throughout the entire test life-cycle from scoping through to vulnerability discovery and remediation. Certified by the National Cyber Security Centre (NCSC) & CREST and delivered using the innovative Pentest-as-a-Service (underpinned by a highly configurable technology platform), SureCloud acts as an extension of your in-house security team and ensures you have everything you need to improve your risk posture.
De-scope your contact centres from PCI DSS whilst enhancing customer/agent experience & GDPR compliance
CardEasy is Syntec's patented, award-winning DTMF masking solution for customer 'keypad payment by phone' and de-scoping your contact centre environment from PCI DSS controls, whilst ensuring your MOTO card payments and call recordings are PCI DSS compliant.
CardEasy is trusted by consumers, as it removes the need for them to read out their card numbers over the phone. By asking them to enter their card numbers using the keypad of their own phone instead (Mid-call in conversation with the agent or via self-service IVR Autopay), PCI monitoring and audit requirements for the contact centre are reduced to the bare minimum. The sensitive card numbers no longer enter your call centre environment or call recordings at all, cutting out compliance costs and hassle whilst improving customer service and trust. The agent/customer experience is not interrupted as the agent remains on the call throughout – no handoff to an awkward IVR system – and the system reduces average call times and reduces the mis-keying of card data too.
CardEasy was the winner of the PCI Excellence Award for the second time in January 2018 and won the Genesys 'Best Security Solution' award at Call & Contact Centre Expo in London in March 2018.
Flexible CardEasy deployment
CardEasy is supported by (and integrated with) the leading industry payment gateways and is designed to be universally quick and easy to implement.
Working either as a fully hosted managed service; partially premise-based (CPE); or entirely cloud-based for larger enterprises and international use, it is designed to be CRM and telephony agnostic – you can rely on our in-house advice and expertise, but CardEasy works with your existing telephony and back-office systems, there’s no requirement to use ours.
Syntec – Integrated Contact Centre systems
Established as Syntec Telecom in 1998, Syntec is a PCI DSS level 1 Visa and Mastercard-listed service provider and a participating organization of the global PCI Security Standards council.
Syntec Limited. www.syntec.co.uk t. 020 7741 2000 e. firstname.lastname@example.org
CardEasy videos and case studies: http://www.syntec.co.uk/pci-dss-solutions/cardeasy/
TokenEx is a company founded on the principle of safeguarding our clients and their partners against the inherent risk of storing and sharing sensitive information. Focused on flexibility and custom solutions, the TokenEx Data Security Platform enables our clients to tokenise any data set across a range of environments and applications. Utilizing over twenty different token schemes, TokenEx secures the PCI and personal data of our clients to reduce their risk and meet their PCI DSS and General Data Protection Regulation (GDPR) compliance obligations, while still enabling their business processes.
Almost every organisation that sells products and services accepts payments through multiple acceptance channels—e-commerce sites, point-of-sale terminals, contact centers, and mobile apps. TokenEx has solutions to tokenise payment data for each of these acceptance channels, dramatically lowering your scope for PCI compliance and risk of sensitive data loss.
Utilizing TokenEx’s Transparent Gateway solution, you are free to maintain relationships with as many payment processors and gateways as you wish, while maintaining a single unified vault of payment card tokens. TokenEx enables you to exchange data with any third-party API without putting your internal systems in scope for PCI compliance.
Any Data Set
TokenEx can tokenise and secure any data set including PCI, ACH, and personal data. Most tokenisation solutions from payment processors or other tokenisation service providers only address payment information leaving you exposed to the risk associated with other data sets. TokenEx can secure all sensitive data, enabling you to address all of your compliance obligations and data security risk utilising a single platform.
Utilizing Tokenisation for Pseudonymisation
The GDPR is now in effect, with strong requirements to protect personal data “by design and by default.“ Though the GDPR doesn’t contain detailed technical requirements for data security, it does call out the use of pseudonymisation as an appropriate mechanism for data protection. Pseudonymisation, replacing identifying or sensitive data with a pseudonym, is synonymous with tokenisation, replacing sensitive data with a token, a technology utilized by the Payment Card Industry for years to protect PCI.
Learn more about how TokenEx can help your organisation reduce PCI scope and meet your data security obligations under the GDPR at https://tokenex.com. Follow us on Twitter and LinkedIn. Ph. +1.877.316.4544
ECSC Group plc are a 'full service' cyber security provider, having been established for almost two decades. We were the first UK organisation to achieve PCI DSS Level-1 Service Provider Certification for a wide range of IT security managed services. We can also provide flexible solutions to help achieve rapid compliance to the PCI DSS standard. Our PCI specialists are all Payment Card Industry Qualified Security Assessors (PCI QSA).
GoAnywhere MFT secures and streamlines the exchange of data between systems, employees, customers, and trading partners. Deployable on-premises, in hybrid environments, and to cloud computing platforms like AWS and Microsoft Azure, this secure file transfer solution provides organizations with a single point of control while encrypting data with industry-standard encryption and protocols (e.g. OpenPGP, AES, SFTP, SCP, AS2, and HTTPS). Easy to install and use, it exchanges files via batch, collaboration, and ad-hoc methods.
GoAnywhere comes with extensive, enterprise-level features that meet security settings for company policies and compliance regulations like PCI DSS, HIPAA, and the GDPR. Detailed audit logs and reporting functionality help track all file transfer, user, and administrator activity, which can be compiled and distributed in case of an audit.
Rather than using manual processes to send and retrieve sensitive information, GoAnywhere’s comprehensive workflows help eliminate the need for traditional custom programs, homegrown scripts, and single-function tools. Advanced workflows can accommodate up to 60 different tasks for compression, data translation, integration, and more, and can be automated using GoAnywhere’s built-in scheduler and/or trigger capability. Other features include secure mail capabilities, secure folders, file sync and sharing, and cloud integrations with popular applications like Google Drive, SharePoint, Salesforce, and more.
GoAnywhere MFT reduces costs, simplifies and streamlines the file transfer process, and helps organizations of all sizes and in every industry meet strict encryption standards. Deployable on any operating system, it is ready to go within minutes of download. Try a free, 30-day trial at www.goanywhere.com/trial.
Netwrix Corporation focuses exclusively on providing complete visibility for data security and risk mitigation in hybrid IT environments. This sharp focus enables us to offer much more robust functionality than legacy change auditing tools. Over 10,000 customers worldwide have already chosen Netwrix Auditor over change auditing software.
18 years young and headquartered in Newcastle Upon Tyne, SRM are on a mission to demystify the world of information security. Our specialist consultancy and bespoke range of solutions help our clients feel safe, protected and confident in cyber space, At SRM, we offer an exceptional skill-set and depth of experience, all delivered with first-class personal service.
SRM is chosen by leading brands and SME's alike to assist in the planning and execution of security projects, safe in the knowledge that the required result is always delivered. Every project is led at a strategic level by a senior member of the SRM team, with expert individuals managing the day-to-day process. This team is available and in contact with clients on a regular basis to ensure they are fully aware of progress at all times.
Despite boasting the highest credentials within the Payment Card Industry and Cyber Security sectors, we consider the relationship with our clients to be one of true collaboration. We pride ourselves on being at the very forefront of developments within the cyber security industry. And behind every accreditation and appointment there is a drive toward excellence in each and every aspect of this sphere. But our focus is not on gaining badges or awards, but on using our cutting edge expertise to remedy breaches, minimise damage and develop defences while delivering additional value, peace of mind and security to our clients.
Semafone’s flagship Cardprotect solution makes it easy and cost effective to accept payments over the phone and strengthen data security, while meeting PCI DSS compliance.
Cardprotect allows callers to enter their payment card details directly into their telephone keypad, rather than reading them aloud – it does this using Semafone’s patented payment method that utilises DTMF masking technology. Cardprotect replaces the telephone’s keypad tones with flat tones, ensuring that the payment card details are not captured on phone recordings and cannot be deciphered by either the contact centre agent on the line, or a cybercriminal who could hack into the network systems. The payment card data is encrypted and seamlessly sent straight to the payment service provider (PSP), meaning that it never enters your contact centre infrastructure. Through this entire process, the contact centre agent stays on the line, in full voice communication with your customers to ensure a positive customer experience.
By ensuring that sensitive payment card data does not touch the contact centre’s network infrastructure, Cardprotect dramatically reduces the scope for PCI DSS, reducing the cost, burden and complexity of compliance.
The world’s leading and iconic brands trust and depend on Semafone to safeguard their customers
- Semafone retains all four leading security and payment certifications - ISO 27001:2013, PA DSS for Cardprotect when deployed on-premises, PCI DSS Level 1 Service Provider and listed as a Visa Level 1 Merchant Agent
- Only vendor with all four certifications
- Highest number of customer deployments, clients, countries, agents and years in the contact centre business
- 80,000+ contact centre CSR seats worldwide
- Delivers both carrier class cloud and on-premise solutions
- Open and flexible architecture make it easy to deploy
- Industry leading partners; including BT, Gamma, Genesys and Oracle
- PCI Winner for Excellence 2017 & 2018, Best in Business Award 2018 and CNP Best Call Centre 2017.
Silver Lining is a professional IT and telecoms provider offering the very best in business IT, telecommunications, data and mobile solutions. Whether it’s business broadband, telephone systems, IT infrastructure, mobiles, or just a memorable phone number – we’re here to help.
Through trusted long-term relationships with our clients, the team at Silver Lining realised that shopping around for suppliers is an unwelcome challenge. UK businesses would rather source their IT and telecommunication solutions through a single vendor who are able to present the bespoke solutions with a consultative approach – helping you maximise your full return of investment.
We have a team of experts, skilled and experienced across the entire communications spectrum, from handsets to hosting and everything in between. We provide show-stopping solutions through our team of Splicecom, Avaya, Cisco, Microsoft, HP, VMware, Citrix, and mobile app specialists. Our combined knowledge, innovation and expertise have led to contracts with household names.
The launch of our fourth-generation cloud platform RevolutionCloud enables us to offer a unique solution to operate and manage your entire infrastructure – differentiating our offering from those ‘off-the-shelf’ solutions available.
RevolutionCloud has granted us the opportunity to build a PCI compliance solution based entirely within the cloud and achieved the ‘Innovation of the Year’ award for our achievement in the PCI compliance field. Our DTMF masking solution was built to de-scope the contact centre and bring complete security to telephone card payment services.
At Silver Lining, we understand every business is different - one size definitely does not fit all. We work with you to understand exactly what you need, then build and implement the solution that’s right for your business. Our unified communications services can offer you improved efficiency, reduced running costs and the flexibility to easily upgrade as your business grows. We pride ourselves on thinking ‘outside the box’ – find a solution that truly meets your needs.
As the first cloud contact centre services provider in Europe, and a supplier of PCI DSS level 1 certified cloud and scope reducing on-site PCI solutions, Ultracomms has been providing inbound, outbound and blended services for over a decade. Our unique approach to development and support based on collaboration ensures the solutions we provide are tailored to fit individual client needs and are able to flex and adapt as requirements and technology demands change.
With customer-led feature development and proactive campaign monitoring and support we are able to help clients achieve maximum productivity while delivering best-in-class service to their end customers - enabling them to remain at the forefront of the rapidly evolving contact centre market.
Our open standards development philosophy ensures our cloud and on premise solutions are simple to integrate with any telephony infrastructure, software or CRM system, and our leading technology partners enable us to deliver advanced Omni-channel features to provide a complete contact centre solution.
- Contact centre technology to improve performance
- PCI DSS level 1 certified cloud and on-site solutions
- Resilient, flexible and scalable to suit your ongoing needs
- Simple integration with your existing infrastructure and any software or CRM system
- Advanced speech analytics to enhance your customer experience
- Data management and reporting made simple
- Proactive campaign monitoring and support
- In-house R&D delivering customer-led features and solutions
SecureTrust™, a division of Trustwave, is focused on helping businesses achieve, exceed and maintain regulatory obligations as threats to data and privacy continue to evolve. We deliver world-class consulting, compliance and risk assessment services and solutions for the enterprise market as well as tailored merchant risk management programs.
Since 1995, Trustwave has pioneered innovation and built a reputation as a leader in the payment card industry. This innovation has extended to several regulatory initiatives necessary for conducting business in today’s global environment and is the cornerstone of the SecureTrust™ business.
SecureTrust™ services include:
Enterprise Global Risk & Compliance Services
A strategic approach to managing compliance and IT risk challenges from PCI to GDPR to security maturity. Services include PCI DSS Compliance, Data Privacy (incl GDPR), ISO and Risk Consulting.
Merchant Compliance Programs
Comprehensive and customizable programs for merchant service providers to enable risk reduction, and business growth. Includes automated tools for real-time program monitoring and integrated security tools to aid self-Assessment and simplify PCI DSS compliance.
SecureTrust™ offers a portfolio of compliance technologies to help support compliance, risk, security maturity and data privacy programs such as penetration testing, EndPoint Protection, Network Access Control, FIM and DLP.
SecureTrust™ has a one of the world’s largest networks of experienced QSAs based in 16 countries and compliance offerings that include both self-managed portal-based options or fully managed solutions. Our mission being to take the complexities out of attaining and maintaining compliance.
For more information, visit www.securetrust.com