Governance, Regulation & Compliance

 

Education Level: Intermediate

3312 - Introduction to PCI DSS Credit Card Security (Part 1) and Hot Topics in PCI DSS (Part 2)

Wednesday, September 27
10:00 AM - 12:00 PM

Part 1 of this two-part session is designed as a mini boot camp on the PCI compliancy process for organizations that process credit card data electronically. We will start by providing an overview of the full 12 requirements of PCI DSS 3.2. Next, we will cover the PCI scoping process and selecting the correct self-assessment questionnaire (SAQ) type. We will also cover the industry trend to develop P2PE solutions that are designed to reduce the scope and cost of security requirements for cardholder data environments, and present some security tools required by specific PCI requirements. We will then discuss the process of purchasing or upgrading your point-of-sale equipment to one with a favorable PCI SAQ type. Finally, we will cover what to expect in this year’s changes from PCI DSS 3.1 to version 3.2.

Part 2 is for attendees who are already comfortable with PCI DSS basics or who attended Part 1. Attendees are encouraged to raise PCI-related topics. These will likely include: POS applications and issues with vendors that don’t understand PCI requirements; working with QSAs and payment processors; P2PE solution providers; trends in PCI requirements; and how to best approach a good PCI program and compliancy. The goal is to have significant interaction between the attendees and the PCI panel.

NOTE: In-conference workshops this year have limited seating and require preregistration. If you would like to attend a certain workshop, please register for it during your registration process. Attendees will be checked in at the door and walk-ups may not be granted access if we reach room capacity.


Dimitrios Hilton

Security Specialist
LOGIS (Local Government Information Systems)

Dimitrios Hilton, CISSP, currently serves as the lead security specialist for LOGIS (Local Government Information Systems), which is a government consortium of local government entities from around the State of Minnesota. His current responsibilities involve PCI compliancy and security, HIPAA risk analysis, developing security managed services for cities and counties, and security awareness training programs. He is also responsible for the ongoing development of the LOGIS Security Operations Center (SOC) and for the implementation of a wide range of cybersecurity tools addressing multiple layers of defense-in-depth protection. Additionally, Dimitrios helps cities and county entities develop cybersecurity roadmaps and budgets.


Travis Vaniter

VP Business Development
CardConnect

Travis Vaniter is VP of business development at CardConnect, one of the few companies to develop validated P2PE solutions designed to significantly reduce the PCI scope of payment applications. As a result, the company works with application developers to create APIs that integrate their P2PE solution with existing software so that companies can use software of their choice while saving time and money in their PCI compliance program.


Rush Taggart

CSO
CardConnect

Rush Taggart serves as the Chief Security Officer of CardConnect, a payment processing and technology solutions provider. CardConnect’s payment gateway and security offerings were primarily built by Rush during his time at Princeton Payment Solutions, acquired by CardConnect in 2012. He rebuilt the existing Payware and CardSecure C++ applications into Java, adding significant user functionality as well as platform portability. In 2014, CardConnect was awarded two patents related to payment security that were a direct result of Rush's work. Recently, he developed a retail terminal solution for CardConnect's SMB customers, providing a PCI-validated P2PE solution that is also EMV-ready.


Beth Yurchisin

Information Technology Coordinator
City of Golden Valley

Beth Yurchisin currently serves as the manager for the Information Technology department for the City of Golden Valley. Her background includes infrastructure design and hardware installation, configuration, and administration of cybersecurity tools for both state and local government agencies. Yurchisin is currently working on an extensive PCI compliancy project for the City involving upgrading and/or replacing all applications and POS systems that process credit card payments to meet PCI Data Security Standards and to narrow the City’s PCI scope in order to reduce security tool requirements and costs. As a merchant, she manages almost a dozen ever-changing PCI environments and is uniquely qualified to represent the successes and challenges of working with different SAQ types.


Rob Kottke

PCI Consultant
Select Comfort

Rob’s background includes 25-plus years of experience in a variety of IT/security engineering and management roles, with a recent focus on PCI/payment-related consulting. His consulting engagements have involved PCI scoping, as well as designing and implementing PCI-compliant omni-channel payment solutions in complex merchant environments. Clients have included Target, Best Buy, Buffalo Wild Wings, and the City of Minnetonka. His biggest challenge is getting POS vendors and payment processors to move away from costly and riskier traditional payment systems and into more secure solutions that will reduce their applicable PCI controls and their annual rigor and cost.


