London, England 16 – 18 October 2018

Europe Community Meeting



Don't miss the payment card industry's biggest data security event of the year. Join us for: Networking opportunities, updates on industry trends, insights and strategies on best practices, engaging keynotes and industry expert speakers.


The PCI Security Standards Council’s 2018 Europe Community Meeting is THE place to be. We will provide you with the information and tools to help secure payment data. We lead a global, cross industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent criminal attacks and breaches. Don’t miss out!




Join us for three days of discovery, updates and insights from members of the Council and regional community figures and merchants.

TUESDAY, 16 October
Speaker: Jeremy King, International Director – Europe, PCI Security Standards Council
Speaker: Lance J. Johnson, Executive Director, PCI Security Standards Council
14:00-14:45 Industry Panel Discussion
Moderator: Lance J. Johnson, Executive Director, PCI Security Standards Council
Panelists: Oscar Covers, Cyber Security Analyst, Dutch Payments Association, Christian Delporte, European Liaison, EMVCo, Gert Huizinga, Senior Consultant Card Solutions, ING and Troy Leach, Chief Technology Officer, PCI Security Standards Council

15:15-16:00 Keynote: Cybersecurity – a Behind-the-Scenes View
Speakers: Christopher Novak, Director, Verizon Threat Research Advisory Center and Joshua Costa, Senior Consultant, Investigative Response, Verizon Threat Research Advisory Center

Chris Novak and Josh Costa will walk through some of the key findings from Verizon’s 2018 Data Breach Investigations Report. The session will include a behind-the-scenes investigator’s view into some real-world cases. Learn how to apply these practices to your cybersecurity strategy while raising security awareness and reducing cyber risk exposure.
Speaker: Troy Leach, Chief Technology Officer, PCI Security Standards Council
17:00-18:45 Welcome Reception
WEDNESDAY, 17 October
Speaker: Jeremy King, International Director – Europe, PCI Security Standards Council
9:45-10:45 Keynote: CyberSecurity in the Age of Espionage
Speaker: Eric O'Neill, Former FBI Counterintelligence Operative, Founder, The Georgetown Group and National Security Strategist, Carbon Black

The Internet is not a safe environment. It is a frontier. Recent years have seen a massive increase in cyber theft of private and confidential information from government agencies, business and private individuals. The modern spy is responsible for these attacks. Today's spies are sophisticated, brilliant, devious and technologically advanced, and they are targeting your data. Robert Hanssen was the first of these new cyber spies, charged with selling American secrets to Russia for more than US$1.4 million in cash and diamonds. His ability to exploit computer systems allowed him to protect his identity during a 22-year spy career. Join Eric as he uses real-life spy stories to show how careful diligence, counter-espionage techniques, and restraint in social media can help identify the numerous spies, hackers, hacktivists and trusted insiders that threaten every stroke of the keyboard.
Track One
Technology Track
Sessions will examine technical aspects of payments security standards and implementation. Best suited for those interested in looking at processes and technologies used to protect payment data and supporting systems.
Track Two
Business Track
Sessions will examine business challenges within payment security and include case studies and best practices. Best suited for those interested in strategic planning and implementation of governance programs for making payments safer.
11:15-11:45 Mobile Payment Initiatives
Speaker: Michael Thompson, Senior Manager, Emerging Standards, PCI Security Standards Council

An overview of recent mobile payment initiatives, which will include the recently released Software-based PIN Entry on COTS (SPoC) Standard in addition to the effort regarding contactless payment acceptance on merchant COTS devices.
PCI DSS: The Future is Now
Speaker: Jake Marcinko, Standards Manager, PCI Security Standards Council

For a long time, organizations have been looking “forward” to implementation dates and deadlines that would arrive sometime in the future. With the release of PCI DSS v3.2.1, that future is now the past. Join this session to learn about what PCI DSS means today and how the security standard is shaping up for the future.
11:55-12:25 EMVCo Initiative Overview
Speaker: Christian Delporte, European Liaison, EMVCo

Over recent years, the payments ecosystem has expanded to incorporate new technologies across the face-to-face and remote payment environments.

As payment technologies continue to advance, technical body EMVCo is committed to evolving the EMV® Specifications to promote global interoperability and enhance security. This commitment has been demonstrated by various initiatives to address emerging challenges and meet new requirements, including EMV Secure Remote Commerce, EMV 3-D Secure (3DS) and the EMV 3DS Testing Platform, and EMV Payment Tokenisation.

Within this presentation, EMVCo will provide delegates with an update on the above work items and demonstrate how its scope has broadened over recent years to align with requirements from the payments ecosystem.

It will also explain how the wider payments community can play an active role in the strategic and technical direction of EMVCo through participating in the EMVCo Associates Programme.
PCI DSS and Cloud - Navigating in Reduced Visibility
Speaker: John Markh, Standards Manager, PCI Security Standards Council
2017 Cloud SIG participants: Jonathan Lewis Christopherson, Principal Engineer, Target Corporation and Tabitha Gallo, Senior Security Consultant, Herjavec Group

As more and more businesses adopt cloud infrastructure and services, there is a need to better understand the business, technical and operational issues that may impact the security of payment data. In the session, the presenters will share their experiences managing PCI DSS compliance in cloud deployments.
12:35-13:05 Broken Foundations - The Deep Malaise of Inadequate Patch Management
Speaker: Jacob Ansari, Director, Schellman & Company, LLC

Advances in information security tools and practices have not alleviated the fundamental need for aggressively applying security patches and fixes to systems. Furthermore, regular security studies about security incidents show the need for prompt and thorough updates. Despite this, many organizations fail to prioritize this or struggle to execute successfully. This session will explore some of the reasons for this and consider some solutions.
Women in PCI and Cybersecurity Panel
Moderator: Gill Woodcock, Senior Director of Certification Programs, PCI Security Standards Council
Panelists: Stacy Hughes, Senior Vice President, IT Governance, Risk and Compliance, Global Payments, Tracey L. Long, Senior Payment Data Security Manager, WorldPay, Stanley Skoglund, Co-founder & Director, The Minerva Partnership, and Phyllis Woodruff, Vice President, Enterprise Cybersecurity Programs, Fiserv

Women comprise only 11 percent of the global information security workforce. This panel will discuss: How everyone got involved in PCI, lessons learned, key challenges facing us now, mentoring the next generation, how to overcome obstacles, advice for women and men getting into the field and what the future brings.
13:05-14:05 Networking Lunch and Vendor Showcase
14:05-14:35 Passwords are NOT What They are CRACKED Up to Be (Live Demo)
Speakers: Rob Harvey, Director, Risk, Security and Privacy, Online Business Systems and Adam Kehler, Senior Consultant, Risk, Security and Privacy, Online Business Systems

In this session, Online Business Systems will demonstrate ways for retailers to implement stronger password composition and storage mechanisms to ensure account credentials are not at risk. Through audience participation, we will generate a compliant password and then use password cracking tools to break it. We will provide practical recommendations on how to strengthen your cybersecurity program in accordance with the new NIST Special Publication 800-63B Digital Identity Guidelines.
How are New Privacy Regulations Affecting Your PCI DSS Program
Speaker: Adriana Gliga-Belavic, Partner Cyber Security and Privacy, Canadian Payments Security & PCI Practice Leader, PricewaterhouseCoopers LLP (PwC)

Newly introduced privacy regulations in Europe and North America are hitting the news almost every day. In this changing environment, where credit card information is also considered personal information, most privacy standards and regulations will dictate how this data must be collected, used and disposed of. Both PCI DSS and privacy regulations have the same objective, which is to protect customer data, but are there aspects in common, and can we leverage our compliance efforts to meet both effectively? Find out more in this session.
14:45-15:15 Proliferation of Point-to-Point Encryption (P2PE) – Panel
Moderator: Dan Fritsche, Vice President, Solution Architecture, Coalfire
Panelists: Rodney Farmer, Member, European Association of Payment Service Providers for Merchants (EPSM) and Ruston Miles, Chief Strategy & Innovation Officer, BlueFin

This will be an all industry panel discussing the proliferation of point-to-point encryption (P2PE). The purpose of the session is to share real-life experience for validating and implementing P2PE solutions with merchants, gateway and solutions providers and will cover:
  • Use Case of a listed P2PE partnership
  • Best Practices for P2PE
  • What is fueling the growth of listed solutions and why should merchants adopt them?
  • How does P2PE help a merchant to protect their environment?
  • What is the fine balance between operations, security, and compliance?
  • How can we leverage third-party solution providers to protect the merchant’s environment?
Compliance Cycles and Close Calls
Speaker: Jean-Louis Lamacchia, Standards Development Manager, PCI Security Standards Council
2018 SIG participants: Alan Gutierrez-Arana, Principal, Risk Advisory Services National Leader Payment Card Industry (PCI) Services, RSM US and Wayne Murphy, Senior Security Consultant, Sec-1 Ltd.

It’s been a busy year for Special Interest Groups (SIGs). In this session, the Chairs and participants of the 2018 SIGs “Maintaining PCI DSS Compliance” and “Securing Telephone-Based Payments” will share their insights on these topics and what to look forward to in the upcoming guidance documents.
15:25-15:55 Cryptography Prepares for Schrodinger's Cat
Speaker: Ralph Spencer Poore, Director, Emerging Standards, PCI Security Standards Council

Preparing for the inevitable changes in cryptography ranging from the latest moves by PCI SSC through to Quantum Resistant Algorithms. This session discusses the need for crypto-agility, i.e., isolating cryptographic functions to help futureproof your organization since cryptographic algorithms of necessity change as technology and cryptanalysis improve.
Internet of Payments - Payment Services for an IoT-infrastructure
Speaker: Joachim Dorschel, Managing Partner, DPS Group

More and more IoT use cases require payment functions. Machine-to-machine payments will emerge as an essential part of many IoT business models and related applications. Existing IoT platforms are focused on device management and big data analysis. Existing payment services are designed for human interaction. In this use case, learn about a generic approach to bringing these two worlds together and how to apply this approach to an existing environment: payment for parking services in car parks.
16:25-16:55 ‘You Shall Not Pass!’ Segmentation Done Right
Speakers: Joseph Pierini, Vice President, PSC and Phyllis Woodruff, Vice President, Enterprise Cybersecurity Programs, Fiserv

Segmentation isn't easy. There are many processes and systems that need access to the CDE and isolating the card data from the rest of the business can break critical business needs. Segmentation, when done right, can allow the business to continue without interruption while securing PAN data against unauthorized access. PSC has pen tested hundreds of segmentation designs and has seen some that work, some that might work and some that were a waste of money and resources. In this session, we'll cover the common points of compromise to your network and review the most common segmentation design schemes to identify which ones are smoke and mirrors and which ones can stand up against a direct assault.
PCI DSS Control Framework at Royal Dutch Shell
Speakers: Erik Pols, Retail Information Risk Manager, Royal Dutch Shell Ltd. and Rodolphe Simonetti, Managing Director, Security Consulting, Verizon

For PCI DSS Compliance, Royal Dutch Shell developed a Control Framework to embed and sustain PCI compliance activities to be better prepared for future changes of the standard, technology or business processes. Shell is managing PCI DSS requirements by operating 55 controls. The approach required the support of the QSA (Verizon) who had to align their ways-of-working. In this case study, Shell and Verizon will show the challenges faced when creating and implementing the PCI DSS Control Framework and the benefits when assessing Shell's retail markets.
17:05-17:35 How the [email protected] R U? Insider Look into Cybercrime Dark Web
Speaker: Rashmi Knowles, Field CTO, EMEA, RSA

Digital channels are ground zero in the fight against fraud. With 3B+ consumer credentials stolen annually, cybercriminals have the advantage and are looking to execute upon them. In this session, take a tour of the Dark Web, learn how cybercriminals hunt for potential points of compromise in our payments ecosystems, explore popular credential stuffing toolkits, and the use of social media as a rising cybercrime communication channel.
You Can Be Open with Your Acquirer, We're Not the PCI Police
Speaker: Ian Butler, Head of EU Security Products, Elavon Merchant Services

Your acquirer should be your best friend and confidante when it comes to PCI. Join this session and learn how your acquirer can help you tackle your PCI scoping and compliance challenges.
17:45-18:15 What’s Your User [Security] Story!?!: Engaging Developers in the Battle for Software Security Supremacy - Panel
Moderator: Jake Marcinko, Standards Manager, PCI Security Standards Council
Panelists: Jacob Ansari, Director, Schellman & Company, LLC., Jonathan Lewis Christopherson, Principal Engineer, Target Corporation and Chris Campbell, Consultant, Solution Architect, Veracode

As cyber-attacks increasingly target applications, software vendors and software developers are becoming more engaged in efforts to combat and prevent cyber-attacks. However, software development personnel have different priorities than security experts, and security experts need to be able to articulate security needs in development terms in order to bridge the gap. Join us for a panel discussion on modern trends in software development, the methods in which developers measure quality and success, and discover what the PCI SSC is doing to engage the Software Development Community and to improve the quality and security of payment software.
Choose Wisely: Tips on Selecting the Right Payment Terminal for Your Business
Speaker: Berny Goodheart, Standards Manager, PCI Security Standards Council

A terminal can represent a business-critical piece of equipment that may have a multiyear commitment for your business, yet many people do not understand what this means to their business. This presentation will communicate:
  1. What are the different terminal types and understanding the acronyms alphabet (POS, PTS, POI, HSM, EPP, PED, SCR, SCRP, UTP)
  2. Understanding the normal use case or cases for different terminal types
  3. How to validate the device is indeed a PCI PTS approved device.
THURSDAY, 18 October
Speaker: Jeremy King, International Director – Europe, PCI Security Standards Council
9:30-10:30 Keynote: To the End of the Earth
Speaker: Tom Avery, Record-Breaking Explorer, Author and International Speaker

Tom Avery, outstanding adventurer, polar explorer, and mountain climber, truly will take you to the ends of the Earth in his presentation. In his own entertaining way, Tom uses examples from his explorations to illustrate important business lessons including adapting to a changing environment and overcoming challenges. In addition, he will display how he has pursued continuous improvement in his adventures that allowed him to achieve record-breaking results. At the completion of his presentation attendees will feel that they have had a true experience.
11:00-11:45 Security with My Chips, Please. How to Help Small Merchants Protect Their Business - Panel
Moderator: Lauren Holloway, Director of Standards Coordination, PCI Security Standards Council
Panelists: Natasja Bolton, Senior Acquirer Support QSA, Sysnet Global Solutions, Mathieu Gorge, CEO and Founder, Vigitrust, Amanda Rodgers, Community Director, Vendorcom and Marie-Christine Vittet, Data Protection Manager, AccorHotels

Small merchants are suffering devastating security breaches at an alarming rate. Join us for this panel discussion to understand the situation and how you can help small merchants, and to hear about new resources available from the Council.
11:45-12:15 Emotional Insights from EU Assessments and Cardholder Data Breach Investigations
Speaker: Andrew Henwood, CEO, Foregenix

During this session, Foregenix will provide a regional perspective on consultative engagements across PCI, PA, P2PE and relate it to our extensive work in real-world forensic investigations and incident response on headlining cardholder data breaches. Themes covered will include organisational reactions, responses, take-away best practice recommendations and how to think differently to mitigate risk.
12:15-13:00 How Industry Collaboration and Feedback Shapes PCI Programs
Speaker: Mauro Lance, Chief Operating Officer, PCI Security Standards Council

Join this session for a walkthrough of how our industry collaboration and feedback has shaped current and upcoming PCI Programs.
13:00-13:05 Closing Remarks
Speaker: Mauro Lance, Chief Operating Officer, PCI Security Standards Council
13:05-16:05 Assessor Lunch and Session (QSAs, ASVs, and ISAs only)
Join your peers for an interactive session and Q&A with the PCI SSC team to discuss what is new for assessors and tips for ensuring your assessments get great feedback.

Secure your spot at the 2018 Europe Community Meeting.

An exclusive opportunity to position your company as a leader in the global payment security industry




In conjunction with the Europe Community Meeting, training courses are now available, allowing attendees to make the most of their travel time and budgets. The training courses will be held at The Westin Tokyo.

3DS Assessor Training | 8 Oct

The one-day 3DS Assessor class provides instruction on how to perform assessments of 3DS Environments in accordance with the PCI 3DS Core Security Standard.

Qualified Security Assessor Training | 9-10 Oct (2 sessions)

In the two-day Qualified Security Assessor class, merchants that are required to comply with PCI DSS,

Internal Security Assessor Training | 11-12 Oct

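The two-day Internal Security Assessor (ISA) class is for large merchants, banks and processors to build internal payment data security expertise and improve the efficiency of their compliance with PCI Standards.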

Point-to-Point Encryption Training | 11-12 Oct

The two-day Point-to-Point Encryption (P2PE) class provides a solid foundation of understanding of each of the comprehensive requirements included in the Point-to-Point Encryption Standard. Depending on prerequisites, candidates may earn the certification of Point-to-Point Encryption Qualified Security Assessor qualification or Point-to-Point Encryption Payment Application Qualified Security Assessor qualification.

Payment Card Industry Professional Training | 15 Oct

The one-day Payment Card Industry Professional (PCIP) outlines the PCI Standards and provides you with the tools to build a secure payments environment and help your organization achieve PCI compliance.

Get the latest updates on the 2018 Community Meetings by joining our mailing list.
