Training at the Conference
3 – 4 September

Qualified Security Assessor Training

3 – 4 September

Internal Security Assessor Training

5 – 6 September

Payment Application Qualified Security Assessor Training

6 September

PCI Awareness

12 – 14 September

Point-to-Point Encryption Assessor Training

Conference Tracks:

Technical

Sessions are specifically geared towards those who are directly involved in or responsible for the implementation, assessment, and maintenance of PCI Standards, providing updates and application guidance on the standards and supporting programs and resources.

Business

Sessions are designed to address payment security topics at a high level with broad application across business functions and job titles.

Day one – 9 September
7:30 a.m. – 7:30 p.m.

Registration Open

1:00 p.m. – 3:00 p.m.

The Technology Symposium

Presented by: PCI Security Standards Council Standards and Operations Team

Conference Track: Technical

Understanding PCI Standards, the additional services and technology solutions available and how to apply them in today’s business environment is critical to securing the future of payments.

This in-depth session will cover a variety of these resources and topic areas, including:

  • Making payment security business-as-usual with PCI Data Security Standard (PCI DSS) 3.0
  • Scoping and segmentation
  • Service provider relationships
  • Self-Assessment Questionnaires (SAQ) and compensating controls
  • How do Qualified Security Assessors (QSA), PCI Forensic Investigators (PFI), and acquirers and merchants work together?
  • Myths about PCI Standards

3:00 p.m. – 3:30 p.m.

Networking Break

3:30 p.m. – 5:30 p.m.

The Technology Symposium (continued)

Presented by: PCI Security Standards Council Standards and Operations Team

Conference Track: Technical

Understanding PCI Standards, the additional services and technology solutions available and how to apply them in today’s business environment is critical to securing the future of payments.

This in-depth session will cover a variety of these resources and topic areas, including:

  • Point-to-Point Encryption (P2PE)
  • PCI Payment applications and PIN Transaction Security devices (PA-DSS and PTS)
  • Approved Scanning Vendors (ASV)
  • Other PCI initiatives

Attendees will have the opportunity to submit questions to be addressed at the end of the session.

4:00 p.m. – 5:30 p.m.

Welcome to the Community Meeting – An Overview of PCI for First Time Attendees

Presented by: PCI Security Standards Council Staff

Conference Track: Business

Attend this session to hear all you need to know to make the most of your experience and understand what’s ahead, including: networking opportunities, social media and the mobile app, and a PCI 101.

6:00 p.m. – 7:30 p.m.

Welcome Reception

Day two – 10 September
7:30 a.m. – 6:30 p.m.

Registration Open

7:30 a.m. – 9:00 a.m.

Networking Breakfast and Vendor Showcase
Payment Brand and Council Office Hours

9:00 a.m. – 9:30 a.m.

Welcome and Introductions: Lib de Veyra, Executive Committee, JCB International, Chairperson, PCI Security Standards Council

Presented by: Bob Russo, General Manager, PCI Security Standards Council

Hear welcoming remarks and learn what will be covered over the next two days.

9:30 a.m. – 10:30 a.m.

Securing the Future of Payments Together

Presented by: Bob Russo, General Manager, PCI Security Standards Council; Stephen W. Orfei, Incoming General Manager, PCI Security Standards Council; Lib de Veyra, Executive Committee, JCB International, Chairperson, PCI Security Standards Council

Hear an overview of current Council initiatives and what’s in store for 2015.

10:30 a.m. – 11:00 a.m.

Networking Break and Vendor Showcase
Payment Brand and Council Office Hours

11:00 a.m. – 12:00 p.m.

Keynote — Sailing the Cyber Sea: The New Realities of 21st Century Security

Presented by: Adm. James Stavridis, Former NATO Supreme Allied Commander Europe and Commander of the U.S. European Command

Emerging security concerns will be addressed in the future with a combination of cyber capabilities, unmanned vehicles and drones and special operations forces. In particular, the reach and function of cyber tools will change how we view the world and keep ourselves safe in it. Admiral James Stavridis lays out the future of 21st century security tools that are very untraditional in their reach and application. He describes for audiences how the world of international defense is fundamentally changing before our eyes, and how that will impact business, personal life and the global marketplace.

12:00 p.m. – 1:30 p.m.

Networking Lunch and Vendor Showcase

12:00 p.m. – 6:30 p.m.

Payment Brand and Council Office Hours

1:30 p.m. – 5:00 p.m.

Breakout Sessions

Let’s Talk Technology

The Business of PCI

1:30 p.m. – 2:20 p.m.

PTS Particulars

Presented by: Leon Fell, Director, Solutions Standards, PCI Security Standards Council

Conference Track: Technical

Device manufacturers, card vendors and testing labs will have the chance to hear the latest updates on the PIN Transaction Security (PTS) program as well as a dedicated Q&A session. Other stakeholders will understand the breadth of the PTS requirements and learn how to use PCI Security Standards Council PTS program listings to choose a secure device.

Measuring the Success of Your PCI Strategy

Presented by: Troy Leach, Chief Technology Officer, PCI Security Standards Council

Conference Track: Business

Wondering how to measure the ROI of your PCI efforts? Attend this session to hear first-hand from the Council’s Chief Technology Officer, Troy Leach, on how to evaluate metrics around your security efforts and how they contribute to your bottom line.

2:30 p.m. – 3:20 p.m.

Forensics Presentation

Presented by: Christopher Novak, co-author, DBIR and lead computer forensics investigator, Verizon Enterprise Solutions

Conference Track: Technical

Christopher Novak will address the evolving threats that organizations face as they seek to mitigate information security risks and protect critical PCI data. Industry best practices for protecting PCI data as uncovered by Verizon’s 2014 Data Breach Investigations Report (DBIR) will be discussed in addition to evolving security challenges in our increasingly complex, global, digital society.

Verizon’s annual DBIR gives a comprehensive view of how cybercrime is impacting organizations in the payment card industry and what those organizations can do to protect themselves and their customers. The 2014 report analyzed 1,300+ breaches and 63,000+ security incidents across 95 countries, with data contributed from 50 global security organizations.

EMV Chip Update

Presented by: Randy Vanderhoof, Executive Director, EMV Migration Forum (EMF)

Conference Track: Business

This session will provide attendees with insights into the EMV chip migration process in the U.S. and how this impacts PCI security efforts.

3:20 p.m. – 3:50 p.m.

Networking Break and Vendor Showcase

3:50 p.m. – 5:00 p.m.

Breakout Sessions

Let’s Talk Technology

The Business of PCI

3:50 p.m. – 4:25 p.m.

Tokenization

Presented by: PCI Security Standards Council Standards Team

Conference Track: Technical

Looking for more details on tokenization? Attend this session to hear the latest updates on the PCI tokenization standard and program and how it supports a multi-layered approach to payment security.

PCI in Practice: Business Case — Expanding the Conversation – An Approach for Converging Risk Management and PCI Compliance

Presented by: Rich Licato, Managing Director, Corporate Security, ARC

Conference Track: Business

How do you increase PCI awareness, maintain compliance and improve your risk management program? Expand the conversation and focus of your PCI, compliance and risk management activities! This session will address how PCI DSS fits into the bigger picture of data protection and corporate risk management and the path ARC took for program improvement. By focusing on the larger context of the enterprise and sensitive information, it is easier for staff to understand and embed PCI DSS compliance in their daily activities. This case study will focus on ARC’s environment prior to Mr. Licato’s arrival at the Company, the effort that was required for PCI certification at that time, the team’s preparation for ISO 27001 certification, and ARC’s experiences and efforts after obtaining ISO 27001 certification in March 2013.

4:25 p.m. – 5:00 p.m.

Open Forum

Presented by: PCI Security Standards Council Standards Team

Conference Track: Technical

This session is designed to give attendees the opportunity to address members of the Council staff with questions on the standards and technical updates. Attendees can drop in at any time to ask their questions.

PCI in Practice: Technology Case — To Tech or Not To Tech?

Presented by: Robbyn Lennon, Program Coordinator Senior and Merchant Liaison, The University of Arizona, and Dustin Rich, Senior Security Analyst and Manager, PCI Assessments at SecurityMetrics

Conference Track: Business

Based on how they are applied, certain security technologies can indicate PCI compliance failure or success. Join the University of Arizona and SecurityMetrics in a lively back-and-forth discussion on managing PCI compliance in a large university setting. Attend this session to hear how the two worked together for over four years to correctly segment a complex departmental environment, eliminate security gaps with improved technologies, and mature their security posture.

5:00 p.m. – 6:30 p.m.

Networking Reception and Vendor Showcase

Day three – 11 September
7:30 a.m. – 10:00 a.m.

Registration Open

7:30 a.m. – 1:00 p.m.

Payment Brand and Council Office Hours

8:00 a.m. – 9:00 a.m.

Networking Breakfast and Vendor Showcase

9:00 a.m. – 9:05 a.m.

Welcome Remarks

Presented by: Stephen W. Orfei, Incoming General Manager, PCI Security Standards Council

Attend this session to hear what is in store for the third day of the North American Community Meeting.

9:05 a.m. – 9:45 a.m.

Keynote — Adventures of a Thiefhunter

Presented by: Bob Arno, Professor of Pickpocketry

To most security professionals, credit card thieves are invisible, mysterious, nefarious beings—rarely seen and never comprehended. Bob Arno, the celebrated comedy stage pickpocket and criminologist, has hunted pickpockets and identity thieves in the wild since 1994. From infiltrating criminal gangs of credit card thieves around the world, Bob Arno reveals the hearts, souls, and faces of men, women, and children who make their living by taking the money and property of others. Bob’s backdoor perspective will give you the thief’s-eye version of thievery, connery, scamdom, and swindlehood.

9:45 a.m. – 10:15 a.m.

Networking Break and Vendor Showcase

10:15 a.m. – 11:00 a.m.

2014 Special Interest Group (SIG) Updates

Presented by: SIG Chairpersons

Conference Track: Business, Technical

Hear a high-level overview of SIG activity and what was accomplished in 2014.

11:00 a.m. – 12:00 p.m.

2015 SIG Proposals

Conference Track: Business, Technical

Make an informed decision in this year’s Special Interest Group election by joining your peers to hear them present firsthand their SIG proposals for 2015.

12:00 p.m. – 1:00 p.m.

Networking Lunch and Vendor Showcase

1:00 p.m. – 1:50 p.m.

PCI DSS Scoping

Presented by: PCI Security Standards Council Standards Team

This session will address common PCI DSS scoping scenarios and misconceptions and provide clarifications and tips for getting it right.

1:50 p.m. – 2:00 p.m.

Closing Remarks

Presented by: Bob Russo, General Manager, PCI Security Standards Council

2:00 p.m. – 3:00 p.m.

PCI Peers: Breakout Sessions

Community Share for Assessors

Presented by: PCI Security Standards Council Standards Team

Conference Track: Technical

In this assessors-only session, members of the PCI assessment community (QSA, ISA, ASV) will be able to ask their specific program-related questions.

Programs & Training Update and Open Forum

Presented by: Members of the PCI Security Standards Council Operations Team

Conference Track: Business

Join this session to learn more about how PCI programs and training can support your organization’s payment security efforts. Share feedback and ask questions on current offerings.

Community Meeting concludes.