Recorded: September 16 | 2014 Play
2013 was the worst year yet in terms of data breaches, with over 740 million records exposed, and 2014 is shaping up to be more of the same. Security analysts estimate the costs of the data breach that hit U.S. retailer Target are approaching half a billion dollars for the company. The total cost of the breach including losses incurred by banks, consumers and others–could easily reach into the billions of dollars, and the incidents continue in the food industry, state government, and other sectors.
With the Target incident seen as a watershed many financial institutions are planning to begin issuing EMV cards in the next two years, although many are still hesitant to commit to EMV because of uncertainty around retailer adoption of chip card point-of-sale terminals, questions about the viability of the business case for migrating from magnetic stripe cards to chip cards, as well as unresolved issues related to regulation and support for merchant routing choice. Meanwhile, the official release of PCI DSS v3.0 is here, delivering a fresh set of regulatory concerns for consumer-transacting businesses of all types.
Clearly, traditional IT defenses are no longer working. But you can take control. Join us as we discuss key lessons learned from the recent breaches, and the latest developments in payment security.
Brandon Dunlap is the Managing Director of research at Brightfly. He has more than 15 years of experience managing business technology risk in large and small organizations. He has served in a variety of roles across heavily regulated industries, successfully leading all aspects of IT security programs, including policy and procedure management, oversight and control, strategy, architecture, development, and training. Currently, he is the Managing Director of Research of Brightfly, an independent, advisory and research firm that focuses on building a collaborative IT practitioner communities and bridging the gaps within information technology, security, risk, compliance, and audit disciplines.
Bob Russo, the General Manager of the PCI Security Standards Council, works with representatives from American Express, Discover, JCB International, MasterCard Worldwide, and Visa Inc. to drive awareness and adoption of the PCI Data Security Standard. Mr. Russo is responsible for driving the organization's growth and development, as well as meeting its goals to create educational programs, establish pools of certified Qualified Security Assessors (QSAs), Internal Security Assessors (ISAs), PCI Forensic Investigators (PFIs), and Approved Scanning Vendors (ASVs), and incorporate feedback from all stakeholders across the payment chain into the work of the Council and the development of new standards. In addition, Mr. Russo oversees the PCI Security Standards Council's training, testing, and certification programs for QSAs, ISAs, PFIs, and ASVs.
Jeff Cherrington is the VP of Product Management & Marketing at Prime Factors. He brings over 30 years of experience in technology development, implementation, sales, & promotion, primarily focused on payments, banking, & financial. More than half of that time was spent directly in the payments industry, either working for the largest third party transaction processor of that time (First Data Resources) or the largest issuer of Visa credit cards (Bank One/JPMorgan Chase). In the latter role, he focused on regulatory compliance, vendor audit & security controls, and third party service agreement negotiations. Most recently, Cherrington held a variety of roles on the executive team of PKWARE, a leading provider of data management, protection, and integrity applications, including VP of Product Management, Technical Director for EMEA, and VP of Vertical Solutions.
Terence Spies is the Chief Technology Officer at Voltage Security. He has over 19 years of security and systems software development experience, working with leading companies such as Microsoft, Asta Networks and others. Terence now serves as Chief Technology Officer, overseeing the expansion of Voltage technology into new application areas such as mobility, payments and other areas where application data security is required. He is active within the standards community and currently serves as chair of X9F1, the Cryptographic Tools group of X9 whose charter is to draft cryptographic algorithm standards for use in the financial industry. Terence graduated with a Bachelor of Science degree in Logic and Computation from Carnegie Mellon University.
Bernard Vian serves as Executive Vice President for Secure Payments at INSIDE Secure and served as its Vice President of Business Development. Mr. Vian came to INSIDE from Gemplus, where he held several positions in Sales Support and Marketing, in Europe and lately in the Gemplus' North America, where he opened the Californian office. As the Gemplus North America Technical Services Group Director, he handled the Visa Intl and VISA USA relationships, and qualified GEMPLUS as the largest VISA chip card vendor, with 20+ million of cards delivered to Bank Issuers as part of the first 'smart Visa program' deployment in the US. Mr. Vian joined INSIDE's team at the end of 2002 as the Business Development VP. He has initiated the positioning of INSIDE's new microcontroller technology, MicroPass™ , one of the most promising technology dedicated to cost effective solution for proximity payment and secure ID applications. He is a graduate of the University of Aix-Marseille (France), with an engineering degree in Electronic Systems.