Julian Sawyer, Chief Operating Officer, Starling Bank
Innovative methods in PCI and payment card security
How a digital-only bank is approaching PCI
Approaches to preventing card-not-present fraud
► PCI Descoping is no Silver Bullet - How Travis Perkins Addressed the Human Factor
Nick Bleech, Head of Information Security, Travis Perkins
De-risk your PCI compliance footprint by descoping the card data environment: use point to point encryption, call masking and i-frame etc. - but this is no 'silver bullet'
Residual requirements need awareness and training - to address 'the human factor'
How Travis Perkins approached this for both initial PCI certification and long term 'BAU' compliance
Lessons we learned
► Tokenisation - a Smart Way to Increase Data Security and Decrease Costs
Jürgen Petri, Senior Product Manager PCI, Lufthansa Systems
The EU GDPR intends to increase data privacy by strengthening protection of personal data for individuals. This puts increased regulatory pressure and additional costs on companies. This presentation will show how an already existing approach (tokenisation) for an already existing security standard (PCI DSS) might help to deal with the challenges of EU GDPR.
Approaches to comply with PCI DSS
Advantages of tokenisation
How tokenisation helps to meet PCI DSS and EU GDPR standards
► Merchant Case Study - Getting a ROI From Evidencing PCI Compliance Channel-by-Channel
Connie G. Penn MIMC, Card Payments and PCI DSS Subject Matter Expert, Consultant to Ann Summers & Vice Chair of Acquirers SIG at the UK Cards Association
Organisations accepting card payments are contractually required to implement and evidence that security processes to protect card data comply with the PCI DSS. Evidencing compliance provides different challenges depending on whether the merchant has a large IT infrastructure or is a medium to small enterprise, where most of the IT infrastructure and payment processes have been outsourced.
In 2013, a medium-sized enterprise took a different approach to evidencing its compliance and embarked on a pilot to help address the security challenges associated with evidencing its PCI DSS compliance. Through this case study, we will share how:
Changing the merchant approach to risk management
Streamlining the processes for evidencing PCI DSS compliance
can enhance the overall business value and can help gain an ROI in other areas of the organisation
► Working to the Spirit of PCI
Steve Lamb, Technical Director at Cipher
Treating PCI as just an expensive checklist won't make you more secure
Mandated controls are the low bar. Hackers work to the high bar.
How to ensure your business can match its appetite to risk, controls and agility
Use of automated technology can bear much of the workload, but an organisation needs to go above and beyond a technology implementation
Latest contact centre challenges
With contact centres handling large numbers of transactions on a daily basis, de-scoping and ensuring PCI DSS compliance is crucial.
Reducing the risks associated with contact centre staff
De-scoping technologies and solutions
Telephony and non-Telephony compliance problems that are often overlooked
Improving internal awareness
The responsibility for ensuring cardholder data are secure lies not only with the IT department but with staff across organisations.
Effectively communicating PCI DSS through organisations
Ensuring management and boards appreciate the importance of PCI DSS compliance
Reducing the risk of social engineering and other human error
All roads lead to PCI DSS?
PCI DSS can be seen as the most convenient convergence framework for complying with burgeoning global cyber and payments regulation:
PSD2, NIS, GDPR, ISO27001: building a framework for total compliance
The increasing role of PCI DSS in mandatory compliance frameworks
Using PCI DSS programmes to reduce the cost and burden of new regulations
From PCI to the P&L
Compliance is not just about avoiding costs, it's about driving revenues:
Using payment security to win and retain contracts
The rising costs of non-compliance
Working with vendors to meet sales deadlines
Securing new payment processes
The proliferation of new payment providers brings problems of choice and security:
Understanding the underlying processes for scope and vulnerability