PCI SSC European Community Meeting Dublin – October 2012

PCI Security Standard Council European Community Meeting, Dublin

The PCI SSC European Community Meeting was held in Dublin Ireland at RDS.

Following on from the North America Community Meeting held in Orlando last month, the Ground Labs team traveled on to Dublin, where the PCI Council held its European Community Meeting at the Royal Dublin Society (RDS).

Whilst this was a smaller event compared to its North American counterpart, there were still over 500 attendees, including a large number of QSAs from all parts of Europe and a small delegation from the Asia Pacific region.

Director of Europe for the PCI Security Standard Council

Jeremy King on stage at the European Community Meeting

As always, the PCI Council’s European Director Jeremy King led this event and highlighted the rapid advancement of PCI compliance across Europe, including the high level of involvement from European stakeholders with the council.

The special guest speaker for Europe this year was Mark Gallagher of Status Grand Prix. Mark provided an interesting presentation highlighting many lessons he has learned throughout his F1 career. Mark was able to articulate how many of the challenges his teams have faced are similar to problems we as a Payment Card Industry are challenged by on a constant basis. It was very clear by the end of the presentation that, whether you are responsible for securing payment cardholder data, leading an F1 team to victory or running any other type of business, sound risk management, team building and a focus on your client’s needs are important elements of achieving success.

Director of Status Grand Prix - Mark Gallagher

Mark Gallagher of Status Grand Prix presents on how managing an F1 team is similar to a security team upholding PCI compliance.

Dublin City

Whilst visiting our team enjoyed seeing the city sights of Dublin

The agenda was similar to North America with topics covered on the Council’s current initiatives including Point-to-Point Encryption, Qualified Integrators and Resellers (QIR), and the new Payment Card Industry Professional Program (PCIP).

Also presenting on stage was Nick Percoco of Spiderlabs, who provided insights into current mobile security threats. Nick provided a series of live demonstrations showing exploits in both Apple and Android mobile operating systems. In one particular demo Nick demonstrated an Android exploit whereby the login page of popular apps such as mobile internet banking or Facebook could be overlaid with a fake login page designed to capture and transmit login information to a remote host. Ironically, after contacting Google to alert them about this potential exploit, Google’s response was that it is a feature and will not be fixed! The mobile world clearly has plenty of attack vectors that will continue to be exploited, particularly as the growth of smartphones and tablets is predicted to hit 2 billion devices by 2015 (that’s a little over 2 years away).

Cafe En Seine Vigitrust Party - PCI SSC European Community Meeting

Vigitrust hosted the welcome party at Cafe En Seine in Dublin

Guinness Brewery - Vendorcom Party

The Vendorcom after party held at the Guinness Store-House

As with many of the PCI SSC’s events, there were some great parties held at the end of each day. On day #1 (22/10), Vigitrust held a welcome after-party at Cafe En Seine in the heart of Dublin. This French-themed cafe/bar venue offered all delegates the opportunity to meet in a relaxed setting over local beers and wine. On the final evening Vendorcom held a final party at the world-renowned Guinness Store-House.

The Guinness Beer Making Process

The Guinness Beer making process on display at the Guinness Store-House

The night included a brief tour on the way up to the event room showing when the Guinness Brewery started and how Guinness Beer is made. And of course almost everyone was drinking the dark stuff all night and enjoying it too (as the photos will show!).

Back at the event, Ground Labs along with a strong showcase of over 30 PCI compliance vendors were present for attendees to visit over the 2 main days of the event. Other vendors present included Airtight Networks, Xypro, Alert Logic, Vormetric, Aperia Solutions, Voltage Security, Cisco, Vigitrust, Comforte, Verizon, Control Case, Veritape, Dell Secureworks, Verifone, Firehost, Trustwave, Fishnet Security, Sysnet Global Solutions, Foregenix, SSH Communications Security, IOActive, Semafone, iScanOnline, Security Metrics, Liaison Technologies, SAINT, Mako Networks, Protegrity, Pixalert, and NNT Security.

PCI SSC Europe Community Meeting - iPhone5 Winner

The happy iPhone5 Winner - Kunal Taneja from AFS

And finally, a special congratulations must go to Kunal Taneja from AFS, who was the lucky winner of our iPhone 5 prize draw. Congratulations Kunal and watch out for that new Apple maps app!

To view all the event photos please log on to our Facebook page and give us the Thumbs Up on anything you liked. Direct Facebook links are shown below:

Main event photos |   Vigitrust party photos |   Vendorcom party photos

Alternatively the photos are also available on flickr:
Main event photos |   Vigitrust party photos |   Vendorcom party photos

Announcing Card Recon and Enterprise Recon 1.16

Well it’s finally out. Our team has been working hard these past few months to complete this latest release of Card Recon and Enterprise Recon for all to enjoy and we must say, this is no ordinary release. Not only does it include the normal bevy of false positive updates, bug fixes and general improvements that you would expect, it also introduces a suite of major features which we know many of you, particularly those with larger environments have been asking for.

Read on for an overview of each major feature.

Deleted Files, File Slack Space and Process Memory Scanning

Find Credit Card Numbers within unallocated sectors

Some of you may have noticed that in the last 6 months we quietly introduced new scanning options for Card Recon to identify unencrypted cardholder data handling within process memory and deleted files that reside on unallocated disk sectors. Version 1.16 expands this capability further by adding detection within file slack space, which is useful if you have files containing CHD which scale up and down in size.

Furthermore we have now taken these features and fully integrated them into Enterprise Recon enabling detection of cardholder data within deleted files, slack file space and process memory on remote systems where an Enterprise Recon agent is deployed.

Audio File Scanning Support

Scan for cardholder data within Audio files

Do you run a contact centre, pay-by-phone IVR or record calls as part of quality assurance? Many organizations may not realize the impact call recording technologies have on PCI compliance scope, particularly when your customer provides cardholder information whilst the call is being recorded!

If the above scenario describes your situation, this feature becomes very relevant. The Audio File scanning feature enables both Enterprise Recon and Card Recon to detect cardholder data stored as DTMF (touch-button) tones within audio recordings. Try it within your call centre. The findings might surprise you.

Enterprise Recon’s new features

Within this 1.16 release many advancements were made exclusively within Enterprise Recon due to the volume of feature requests Enterprise Recon customers submitted. These include:

Remote File Content Viewer

Inspect the contents of non-PCI compliant PAN storage within remote files

For some time now we have planned a secure remote file content viewer within Enterprise Recon that functions similarly to the Match Inspector found within Card Recon. The challenge our engineers faced was ensuring the feature does not impact your PCI compliance scope by storing, processing or transmitting cardholder data across the network between the Enterprise Recon Node agent and the Master Server/Reporting Console.

In short, we cracked it and have implemented an approach that dynamically masks the file content at the node before data is transmitted across the network. The result is you can now double-click on any file on a remote host to view the contextual data surrounding a finding without fear of more PCI compliance scope being introduced.

Remote Secure File Delete

Permanently delete cardholder data within files

To complement the remote file viewer we have bundled in a secure remote delete feature enabling Enterprise Recon administrators to permanently delete files where unencrypted cardholder data has been discovered on a remote system. This feature renders file data permanently unrecoverable should undelete or any other data recovery be attempted.

We believe this feature alone will greatly decrease remediation time to review and permanently delete files storing cardholder data residing across multiple systems on your network.

Active Directory Integration

Active Directory Authentication is supported by Enterprise Recon

Enterprise Recon now supports authentication via Active Directory for console users to further enhance interoperability with your central PCI compliance controls, including password management and user permission groups. Furthermore, large deployments will benefit from automatic Host Group Assignment using Active Directory host groups already established. This feature is a true time saver for customers with a large number of hosts.

Exchange 2010 Support and Exchange 2003/2007 Improvements

Enterprise Recon scans Microsoft Exchange for storage of Cardholder Data

Support for identifying cardholder data within Microsoft Exchange mailboxes has been further enhanced with improvements to Exchange 2003 and 2007 database scanning support. This includes thorough scanning of each individual email within a given mailbox including attachments.

To extend on this capability, Enterprise Recon now provides full support for Exchange 2010 databases directly off the file system. This also includes scanning Microsoft backups of your Exchange Database when packaged into a BKF formatted file.

Oracle, DB2, Sybase, Postgres, MySQL and MSSQL via ODBC

PAN data storage within Databases including Oracle DB2 Sybase MySQL MSSQL and Postgres

You asked. We delivered. Many customers indicated a desire to scan Oracle, DB2 and other enterprise databases. Whilst the existing default method of directly reading supported database file types natively off the disk is highly effective, we understand some still have a requirement to scan live databases via traditional ODBC. For this reason we have introduced ODBC support into Enterprise Recon enabling scanning of 5 additional database types. The compliance report will display a count of all findings including the location within the database where it was found.

Major On-Screen Display Improvements

Cardholder Data Discovery results are improved within Enterprise Recon 1.16

Since its original release, Enterprise Recon has supported scanning of various database and email formats and displayed a detailed breakdown of locations where cardholder data was found.

Our interface designers have taken this a step further with a rework of the on-screen compliance report interface including the addition of a live file-by-file breakdown and visual data type markers such as email and databases. The updated layout displays a greater amount of information making it easier to understand and establish the true PCI compliance storage risks that exist on a given host.

Download Now

Card Recon and Enterprise Recon version 1.16 are available as a free upgrade for all current license subscribers.

Enterprise Recon users will find the upgrade process simple – just run the updated installer on your existing Master Server. Enterprise Recon will then automatically upgrade all nodes with the scanning engine update. In addition the update must also be installed on any host where the reporting console is installed.

To download the latest version(s) of Card Recon or Enterprise Recon visit http://www.groundlabs.com/support

If you’re considering Enterprise Recon for your own PCI compliance needs please contact us and our team will be happy to provide a free trial.


PCI SSC North America Community Meeting Orlando – September 2012

The PCI Security Standards Council held its 6th annual community meeting, this year at the Dolphin Resort in Disney World on September 12th – 14th.

Disney's Dolphin resort - home to the 6th PCI SSC annual community meeting

Disney's Dolphin resort at Disney World in Orlando

Over 1,000 attendees were present over this multi-day event, consisting primarily of QSAs and PCI participating organisations including payment processors, large retailers, airlines, telcos and a variety of other industry categories where PCI compliance is a critical part of staying in business.

September 2012 - PCI SSC Orlando

PCI SSC North America Community Meeting - A Mountaineering Bob Russo delivers a warm welcome to all.

Bob Russo, the PCI SSC general manager, opened the event as always with a fun and quirky theme, this year focussed on mountaineering with yodeling added for effect, and reminded all delegates about the importance of working together as an industry to fight the ever-persistent threat of fraud stemming from security breaches involving cardholder data.

PCI Security Standards Council Community Meeting Attendees

Over 1,000 attendees were in attendance at this year's PCI SSC Community Meeting

The mountaineering topic moved nicely to welcome the event’s guest of honor, Jamie Clarke who delivered the keynote address “Above All Else”. Jamie told a story of his climb to Mount Everest and how everyone should set audacious goals or “Your summit” as he called it and then go for it. A great motivational moment for all in attendance.

At the event generally there was plenty of talk about the Council’s current initiatives including Point-to-Point Encryption, Qualified Integrators and Resellers (QIR), and the new Payment Card Industry Professional Program (PCIP). At various times throughout the event, council representatives presented on stage and participated in panels, including Leon Fell (Director, Solution Standards), Lauren Hollaway (Director, Data Security Standards), Philip Jones (Standards Manager), Emma Sutcliffe (Standards Manager), Gill Woodcock (Director, Certification Programs), Troy Leach (CTO) and Ralph Spencer Poore (Director, Emerging Standards).

PCI SSC General Manager - Bob Russo

Bob stopping by to say Hi! - Bob Russo (General Manager, PCI SSC) and Mo Zouine (EMEA Director, Ground Labs)

Many will be interested to know that the next version of the PCI Data Security Standard, PCI DSS 3.0 will be released in 2013 as part of the ongoing evolution and improvement of the standards.

A strong showcase of over 50 PCI compliance vendors was present for attendees to visit over the 2 final days of the event, including AT&T, Bit9, Catbird, Centrify, CloudPassage, ComForte 21, ControlScan, Cryptera, CSR, Element Payment Services, First Data, RSA, Fishnet Security, Halock Security Labs, Hytrust, Intel Corporation, IOActive, iScan Online, K3DES, Mako Networks, Merchant Link, nCircle, Panoptic Security, PSC, Rapid7, Reliant Security, SAINT, SecureConnect, Semafone, Solutionary, Specialised Security Services, SSH Communications Security, Sunera, Terra Verde Services, Unified Compliance, Vanguard Integrity Professionals, Verifone, Callguard, Verizon, Voltage Security, ZZ Servers, Veritape, Protegrity, Shift4, Firehost, Vigitrust, ControlCase, Foregenix, Semafone, Security Metrics, Trustwave, SSH, Pixalert, XBridge, XYPro, Cisco, Sysnet Global Solutions, Airtight Networks, Accuvant, TSYS, SISA, Protiviti and of course Ground Labs with our live interactive display showcasing cardholder data discovery for merchants and QSAs.

Cardholder Data Discovery Display by Ground Labs at the PCI Council's North America Community Meeting

Things were non-stop at the Ground Labs display stand throughout the 2 day vendor showcase!

The Corporate Development Team from Ground Labs - The leaders in cardholder data discovery.

The Ground Labs Corporate Dev Team! - Steve (Global), Mo (EMEA), Russell (US)

For complete event photos please click here


PCI London – July 2012

Yet another successful PCI London event for the Ground Labs EMEA team, held at the Victoria Park Plaza in London as always.

A captivated audience at PCI London

The PCI London audience consisted of over 350 senior stakeholders from some of the UK's largest companies

It’s always interesting to speak with the delegates in attendance, many of whom attended previous PCI London events yet continue to face challenges either implementing PCI compliance or maintaining PCI compliance, often due to operational, political or budgetary issues.

Ground Labs Director - Stephen Cavey

Global Director of Corporate Development for Ground Labs - Stephen Cavey

This time round we changed track from our mainstream cardholder data discovery presentation and had our global Director of Corporate Development, Stephen Cavey, deliver a presentation titled “Show me the proof and I’ll show you the money. Engaging CXO buy-in to your PCI compliance initiatives”. The presentation aimed at delivering exactly what the title suggests – ways to win back those budgets that supported your PCI compliance efforts which, for many, are now gone.

Lucky person wins an iPad 3!

The lucky iPad3 Winner!

We have met many PCI compliance champions who have said one of the biggest challenges in moving forward with compliance initiatives continues to be budget. This is not necessarily due to the economic climate but often due to previous PCI compliance project failures which missed deadlines and delivered no tangible value that the business could recognise. It was for this reason we decided to build a presentation based on all of our own learnings through working with many global organisations of all shapes and sizes and having seen both successful and failed PCI compliance projects in action.

The EMEA team at Ground Labs

The Ground Labs Team! - Stephen Cavey (Global Director), Jessica Hagley (EMEA Marketing), Mo Zouine (EMEA Director)

Later in the day Stephen went on to deliver some focussed education sessions on implementing and using Enterprise Recon for network wide cardholder data discovery across multi-site environments.

Also in attendance at the event was the familiar and friendly group of PCI compliance vendors including Protegrity, Veritape, LogRhythm, Foregenix, Verizon, Semafone, Sysnet, and IP Payments.

For complete event photos click here


HFTP / HITEC Baltimore – June 2012

After successful events in Europe and the Middle East, Ground Labs participated in the HFTP HITEC 2012 event in Baltimore, Maryland in the United States. We were welcomed with warm weather at the Convention Center in downtown Baltimore.

Baltimore Convention Center - Home to HITEC 2012.

HITEC 2012 - held at the Baltimore Convention Centre

The renowned event, the largest hotel and hospitality technology event in the world, was well attended, with attendees coming from dozens of countries representing both the financial and technical disciplines. Participants were eager to share their worries and questions on PCI DSS. We can see this is a topic of concern in the Hospitality industry. The common discussion was how to find the cardholder data that they knew was in their environments. We often heard that common business practices and the efforts to accommodate guests were often the very causes for cardholder data being stored unprotected.

Camden Yard - Baltimore Orioles vs the Angels

Next door to HITEC was Camden Yard where our team watched the Baltimore Orioles play baseball against the Los Angeles Angels!

The Hospitality industry has had some newsworthy breaches in the past year. The potential exposure had most organizations looking for ways to minimize the impact of a breach. The level of interest and the types of questions made it clear that PCI compliance was becoming an important requirement for their operations.

The lucky winner of the Ground Labs iPad 3 for this event was John Kandrovy from Woodloch Pines Inc. Congratulations John!

Special thanks to innRoad for the special invitation to join them in their Suite at Camden Yards to watch the Baltimore Orioles play baseball against the Los Angeles Angels.

We are looking forward to returning to HITEC next year at Minneapolis!


PCI SSC Asia Pacific Town Hall Meeting, Singapore 14 June 2012

On Thursday the 15th of June, the Payment Card Industry Security Standards Council (PCI SSC) travelled to Ground Labs’ hometown of Singapore and hosted the first Town Hall Community meeting in Asia.

The Marina Bay Sands in Singapore. The PCI SSC Asia Pacific town hall meeting was held at the nearby Hilton Hotel.

The landmark Marina Bay Sands in Singapore. The PCI SSC Asia Pacific town hall meeting was held at the nearby Hilton Hotel.

The turnout was nothing short of impressive, with over 200 delegates in attendance including a variety of major brands operating in the region and a notable delegation of QSAs including Stratica, Witham Laboratories, Vectra Corporation and Verizon Business flying across from Australia.

The agenda included a variety of PCI compliance updates and real-life insights for technical and non-technical audiences with presentations from Bob Russo (General Manager, PCI SSC), Troy Leach (CTO, PCI SSC), Ritchie Sim of the NSW Police Force in Australia and Johan Oman of Cybercom.

Bob Russo addressed the audience at various intervals throughout the day, including a real-life story where Bob explained how he suffered a house break-in which would have been deemed “compliant” with physical security best practices using protective measures such as dead-bolted doors, an electronic alarm system, and a dog! Yet Bob still managed to suffer an intruder break-in. In Bob’s case, his state of “compliance” was falling short on the particular day the break-in occurred due to 3 very simple problems: 1) the rear door was not locked properly; 2) the alarm system was set up in different zones and, on this particular day, the room suffering the break-in was not being monitored; 3) Bob’s dog had poor hearing!

Bob Russo - of the PCI Security Standards Council presenting in Singapore

Bob Russo, General Manager of the PCI Security Standards Council presenting in Singapore on his own experience on "falling out of compliance".

This example described by Bob is identical to many organisations who believe they are PCI compliant due to all the boxes being ticked yet still suffer security breaches. Too often we all hear about poor (or no) network security monitoring, configuration changes to firewalls or internet-facing systems and, most importantly, cardholder data lying around in locations that are completely exposed without any form of protection or obfuscation (hence, cardholder data discovery is a hot topic).

Ritchie Sim of the NSW Police delivered an eye-opening presentation outlining details of a recent major crime bust which occurred in Australia.

Ritchie Sim - NSW Police presenting on Cardholder Data theft

We were requested to keep the details of the case confidential; however, at a general level the attack vector used was POS skimming via a series of complex device modification techniques. The example went on to prove that criminals looking to commit cardholder data theft don’t necessarily have to be technical, as almost any skillset is available for hire in the world. In this case the organisers paid up to $350,000 to fly in an expert on POS devices to make the necessary modifications to remotely transmit customer cardholder data processed through the device. The police seized a large number of compromised terminals, and the offenders, primarily from other south-east Asian countries, received lengthy jail sentences for their involvement.

Troy Leach at the PCI SSC Asia Town Hall Meeting in Singapore

Troy Leach presenting the PCI Council's latest initiatives and working groups including "The Bridge of Compliance".

Troy Leach, CTO of the PCI Council, gave an update on the current Special Interest Group initiatives, which also incorporated a separate presentation titled “The Bridge of Compliance” showing how various techniques and strategies can shorten and simplify an organisation’s compliance journey. Mohamed Zouine of Ground Labs’ UK office was in attendance and asked Troy, whilst on stage, a question about the council’s view of treating Cardholder Data Discovery as Requirement 0 – the first thing you should do before addressing any of the other PCI requirements. Troy confirmed that internally the Council takes this view and agrees that once you know where all of the cardholder data is being stored across an environment, only then can you really begin addressing issues and implementing permanent solutions.

"The Bridge of Compliance" video based on Monty Python

"The Bridge of Compliance" Monty Python Style! Many laughs heard throughout this video.

Bob Russo, Andy Freed and their dedicated team did an outstanding job of organising this landmark event, which the region needed to promote the true benefits of PCI compliance for organisations of any size. It is clear the council has many plans for the region, given that many companies located in Asia are not under stringent mandates to become PCI compliant, resulting in very low awareness of the standard. Most PCI compliance activities occurring within the region are driven by large multinational organisations where the standard is enforced upon all global business units. We hope that after this event this general attitude will start to improve and encourage local acquirers, along with their connected PSPs, to take a more pro-active approach and promote PCI compliance across their merchant customer base.


PCI Dubai May 2012

After a successful event in Istanbul we are now in the sandy shores of Dubai for the 2012 PCI event at the Al Murooj Rotana hotel. The number of skyscrapers in Dubai is still growing yet the heat and humidity remains the same.

Attendees @ PCI Dubai 2012 - Al Murooj Rotana - PCI Compliance


The event was well attended with delegates from the banking sector, leisure, travel, hospitality and various other industries. Participants were eager to share their worries and questions on PCI DSS. We can see this is still a hot topic in the UAE and broader Middle East region. It is comforting to see an improvement on awareness and interest in compliance since the last PCI Dubai conference 1 year ago. More specifically Cardholder Data Discovery continues to be recognised as a priority for organisations maintaining compliance as well as those who are in the early stages of the journey.

Mohamed Zouine presenting on PCI Compliance - cardholder data discovery

One interesting fact about the Middle East is the emphasis on what one’s peers are doing. In terms of PCI compliance, many organisations held back on implementing the standard until they understood what other similar companies in their industry were doing. Thankfully there are many global companies operating throughout the Middle East that have internationally driven mandates where PCI compliance is promoted as a standard across the entire business, encompassing all regions. This has created a ripple effect into local organisations, where PCI compliance is now receiving more attention as a result of the influence from multi-national organisations.

A new initiative called “Experts Network” was announced by the conference organisers on the day. This new community forum is aimed at facilitating knowledge transfer from security experts across the world, including security vendors and IT professionals. The unique proposition of this forum is the user base it will attract. To date the PCI and E-Crime series of events has welcomed well in excess of 5,000 InfoSec and PCI compliance professionals, who will all be invited to join this community to share their ideas and insights on the topic. We encourage all of our industry peers to join online at http://www.xpertsnetwork.com/

iPad 3 Winner is Naveed Pasha from First Gulf Bank


The lucky winner of the Ground Labs iPad 3 for this event was Naveed Pasha from First Gulf Bank. Congratulations Naveed!

The following companies were also exhibiting on the day: Verizon, SourceFire, Qualys, Thales, ISACA UAE Chapter, Ground Labs.

Our next Middle East event will be in November when we return to PCI Abu Dhabi on November 21st. The next event in the PCI series will be held in London on July 5th, where Ground Labs will once again be providing our insights on the critical role Cardholder Data Discovery plays in achieving and maintaining PCI DSS compliance.

For complete event photos click here


Merchant Risk Council April 2012 Dublin, Ireland

Following on from our recent trip to Las Vegas, Ground Labs continued its support of the Merchant Risk Council by sponsoring its European event, this time held in Dublin on April the 25th – 27th at the Burlington Hotel.

Merchant Risk Council Europe - Dublin

Merchant Risk Council Europe - The Burlington Hotel - Dublin

Just like its US counterpart, the MRC European event offers fraud and security professionals in the region a focussed event to learn about the latest initiatives for fighting fraud losses commonly experienced by organisations conducting business online.

MRC European Event - Main Floor

At this European event the London branch of US homeland security came to present a fantastic session on their latest views of electronic crime and fraud. Specifically, the secret service agents went on to provide a detailed insight into a past operation, Lord Kaisersose, which led to the arrest of various criminals who were convicted of selling compromised cardholder information including track1 and track2 data via card trafficking websites online.

The secret service agents went on to confirm their view that cybercrime and electronic fraud is now a 3 trillion dollar industry globally with over 69 hacks occurring every second. This figure positions electronic crime and fraud to be larger than the drug trade, with many secret service agents now being re-trained on computer forensics and techniques to fight electronic crime.

MRC Dublin Europe - PCI SSC - Jeremy King

Jeremy King from the PCI SSC presenting on the council's latest initiatives.

Jeremy King from the PCI Council’s European office also presented on the PCI SSC’s latest initiatives in helping organisations to reduce their risk of suffering a cardholder data breach by becoming PCI compliant. The council continues to work on a range of initiatives to educate the public and improve general awareness of the PCI standards globally.

Graham Thompson from Semafone was invited to speak and present on Semafone’s call centre payment solution, which enables organisations to capture credit card payments within a call centre environment whilst reducing the risk of call centre agent fraud occurring.

Graham Thompson - Semafone - Presenting on contact centre fraud and the importance of PCI Compliance.

MRC should be commended on a well run event which brought together an interesting variety of professionals in the fraud and security industry and offered highlight sessions on topics related to PCI Compliance and cardholder data security for the audience to learn from.


e-Crime Turkey April 2012

Ground Labs has recently returned from yet another successful e-Crime event, this time held in the largest city of Turkey, Istanbul, on the 18th of April 2012. Home to more than 15 million people, Istanbul is Turkey’s economic capital and biggest trade centre, home to nearly half the country’s wealth. This makes it an appropriate location to welcome such a diverse and informative event as e-Crime Turkey has been this year.

Taksim Square in Istanbul - e-Crime Congress in Turkey for 2012

This year’s theme sought to emphasise data protection, risk management, and issues thrown into sharp relief by a business decision must not be considered independently of the technology and threat landscape but should instead be embraced.

The growing technology industry often creates new opportunities for risk and data breaches, and it is for this reason that strict security measures must be considered as part of an overall security and compliance strategy. Examples of this were presented by a number of expert speakers from a range of industries, providing case studies, insights and practical advice on how to mitigate threats, protect data, secure technology and create value. Speakers included Jeremy Boorer from Entrust, Orcun Bahadir from A&T Bank, Ray Kafity from FireEye, Abdeslam Afras from AccessData and Ferit Rahvanci from Rubbit.

e-Crime Turkey 2012 - Main conference

Another speaker at the event was Ground Labs’ own EMEA Director of Corporate Development, Mohamed Zouine, who presented on the importance of Cardholder Data Discovery to the entire audience, including a live demo session. Later in the day, Stephen Cavey from Ground Labs delivered an educational session on both Card Recon and Enterprise Recon and how they can be effectively implemented to identify sensitive cardholder data across large scale networks from a centralised location.

Mo Zouine of Ground Labs presenting Enterprise Recon and Cardholder Data Discovery.

e-Crime Turkey was also the perfect opportunity for Ground Labs to network, establish new contacts and catch up with existing colleagues.

Congratulations to our iPad2 Winner!

Congratulations to the winner of our ‘Win an iPad 2’ competition and many thanks to all those who entered.

We would like to thank AKJ Associates for organising the event and Hilton Hotel for hosting it. We look forward to the Merchant Risk Council European Congress in Dublin, starting the 25th of April.


Merchant Risk Council March 2012 Las Vegas

This month the Ground Labs team were off to Las Vegas – not for gambling – but to exhibit at the Merchant Risk Council 2012.

The Wynn - Las Vegas - Home to this annual Merchant Risk Council meeting

This show is targeted at fraud and risk in the payment ecosystem, which has connections to security and PCI DSS. The delegation consisted of both fraud and security professionals from some of the largest online brands in the world, including Google, PayPal and Skype, to name a few.

It was interesting to hear feedback on how professionals looking after fraud & risk have a different mindset from their counterparts looking after PCI DSS.

When explaining the specific problem we solve to various delegates, several told us they would rather NOT know where rogue cardholder data was in their environment and make it somebody else’s problem. From this we can certainly conclude that the saying “Ignorance is bliss” is still alive and well, unfortunately.

The Wynn Las Vegas - 2012 Merchant Risk Council annual meeting.

This is evidence to further support the message we deliver at various conferences that people continue to represent a significant barrier to ongoing compliance efforts. It is key for organisations implementing PCI DSS to involve all staff in taking on the responsibility of identifying and protecting sensitive cardholder data, regardless of job function.

The Ground Labs PCI Compliance stand at MRC Las Vegas. Every delegate wanted to win the iPad!

Overall delegates were inquisitive and eager to learn what the vendor community had to offer in order to help them with reducing Risk & Fraud and improving security in general.

A variety of informative, thought-provoking sessions were delivered at the event, especially the talk from Kevin Mitnick, once one of the most wanted hackers in the world. Now a specialist security consultant, Kevin ran a series of on-stage hacking demos which incorporated social engineering and the use of innocuous devices to compromise various network security layers.

Kevin Mitnick presenting at the MRC Las Vegas on the latest computer system hacking techniques.

Kevin successfully reminded the audience just how easy it is to break into an organization using any number of attack vectors.

Companies like Sony, Trustwave, McAfee, CyberSource, Microsoft, TicketMaster, 41st Parameter and iovation also presented at the event and offered interesting views on the topic of fraud and risk mitigation.

Circus Circus - one of the older casinos on the Las Vegas strip

We would like to congratulate Semafone, whom we exhibit alongside at many different events, for winning the MRC Emerging Technology Awards (METAwards) on the final day of the event. Well done guys!

As usual, Ground Labs gave away a new iPad so well done to Angela Hakimipour from J2 Global in Los Angeles for winning this coveted prize!

The famous Bellagio hotel and casino's water fountain show.

Ground Labs will be attending the next MRC event in Dublin in April. Make sure to pop by and say hello if you are attending.
