Cardholder Data Discovery Blog

eCrime France 2012

Posted on March 15, 2012 by mohamed.zouine

We have recently returned from the blossoming city of Paris where we attended the e-Crime France 2012 event. This year the event was help at CAP15 a stone throw away from the Eiffel Tower.

Paris in spring!

The main theme was geared towards compliance, compliance towards EU legislation as presented by Olivier Proust from Morrison & Foerster and also compliance towards PCI DSS.

Chrisitan Huesch from Visa described how security can be embedded on a card using built in 2 factor authentication. This is quite positive for the future of payment cards.

There were the usual points on Network and Endpoint security by Palo Alto, F5 Networks and FireEye, just to name a few.

Cardholder data discovery was also discussed at great length by Mohamed Zouine from Ground Labs during his plenary and education sessions. Most of the attendees from large companies of the CAC40 did show great interest on this matter. Companies on the retail, travel and financial industries shared with us their new awareness on the need to search for cardholder

Jessica on the Ground Labs stand

data to establish the real scope instead of using guesswork which we feel is a good change in attitude.

Thus the day was a great chance for us to network as well as sharing our ideas on PCI Compliance.

French Cuisine

As usual, the food was great on the day with some delicacies like foie gras, nice French wine and Macaroons.

Congratulations to Julien Neuschwander who won

iPad2 winner - Julien Neuschwander from Saint-Gobain

the iPad2 prize kindly offered by Ground Labs.

Our thanks go to AKJ Associates for organising the event and to Cap 15 for hosting it.

We are next in Istanbul for the PCI and eCrime Turkey events on April 18th at the Hilton hotel.

Posted in Global PCI Compliance Events | Tagged 2 factor authentication, AKJ Associates, April 18th, CAC40, CAP15, Cardholder Data Discovery, Chrisitan Huesch, e-Crime France 2012, eCrime Paris, eCrime Turkey, EU legislation, F5 Networks, FireEye, Hilton hotel Paris, Julien Neuschwander, Mohamed Zouine, network, Network and Endpoint security, Olivier Proust, Palo Alto, PCI Compliance, PCI Compliance Paris, PCI DSS, PCI Paris, PCI Scope, scope | Leave a comment

e-Crime Germany 31st January 2012

Posted on February 3, 2012 by mohamed.zouine

e-Crime Germany 2012 was held at the Radisson Blu hotel in Frankfurt, Germany

After sponsoring PCI London back on the 25th of January, our team traveled onto Frankfurt in Germany for the world renowned e-Crime Germany event. This year’s event was held at the Radisson Blu Hotel on January the 31st.
e-Crime Germany is part of the Global e-Crime Series which provides audiences around the world with the latest insights that can help improve security and reduce the likelihood of an organisation being the next compromise victim.

The agenda of the day offered both strategic and technical advice, examples of best practice and case studies that detail how in-house security professionals can meet new demands as businesses continue to grow and change. The various seminars provided an interesting view on how organisations can take advantage of the latest technologies which often assist to “do more with less” whilst solving some of the many challenges out there in keeping a system secure. There were also a number of insightful presentations on securing cardholder and other sensitive data from current hacking techniques and the latest malware.

The delegation was far broader compared with normal PCI events given the additional focus on electronic crime. This was reflected in the delegation which included representatives from law enforcement and forensic investigations in addition to the normal crowd of IT directors, risk/compliance managers and technical folk alike. Attending vendors included HP Enterprise Security, Bit9, Fire Eye, Tripwire, Visa, Palo Alto, Codesealer, Cryptomathic, Silver Tail Systems, Verdasys, Epiq Systems and TeleTrust.

Mohamed Zouine presenting our main-stage presentation on using Cardholder Data Discovery to identify PCI security risks within an IT environment.

As a strategic sponsor of the event, Ground Labs participated in a number of topical discussions with our EMEA Director of Corporate Development, Mohamed Zouine, presenting on ‘the good, the bad and the ugly of cardholder data security best practice’, with focus on how to avoid being the next target of data breaches. The presentation considered the many mistakes often made by companies and the devastating consequences this can have. Mohamed went on to outline what steps can be taken to avoid being the next victim including the use of Tokenization, Data Masking and Encryption once the data discovery scans have been completed.

Later in the day, Stephen Cavey presented our regular education seminar on ‘keeping risk at rock bottom’, overcoming challenges associated with non-compliant cardholder data handling practices. Stephen once again used a live demonstration of Enterprise Recon to show the importance of enabling regular cardholder data discovery to ensure any future handling of sensitive credit card numbers does not result in any non-compliant storage occurring. In the event that unencrypted (non-compliant) cardholder data is identified, Enterprise Recon will isolate and display the findings within a centralised real-time reporting interface.

Ground Labs iPad 2 winner, Georg Hirschberg with Steve Cavey

Ground Labs iPad 2 winner, Georg Hirschberg of ING Diba with Stephen Cavey

Congratulations to our iPad 2 winner Georg Hirschberg from ING Diba.

For a copy of our presentations please contact enquiries (at) groundlabs dot com

Our thanks again to AKJ Associates for a well organised and enjoyable day, we look forward to many more.

Posted in Global PCI Compliance Events | Tagged AKJ Associates, application and network security, Attending vendors, audit, Codesealer, compliance, Cryptomathic, data breaching, Director of Corporate Development, e-Crime Germany, Enterprise Recon, Fire Eye, forensics, Ground Labs, hackers, HP Enterprise Security, increase productivity, investigations, keep costs low, live demonstration, malware threats, Mohamed Zouine, operational flexibility, Palo Alto, PCI Compliance, persistent threats, privacy, protecting sensitive data, reduce risk, regulatory requirements, risk management, securing cardholder, securing technology, security regulations, Silver Trail, Stephen Cavey, strategic sponsor, technology risk, TeleTrust, Tripwire, Verdasys, Visa | Leave a comment

PCI London January 2012 – another great gathering

Posted on January 26, 2012 by mohamed.zouine

The arrival of the New Year welcomed another opportunity for Ground Labs to take a lead sponsorship position at PCI London once again at the Victoria Park Plaza Hotel on January 25th, 2012.

PCI London has established itsself as the premier PCI compliance event across Europe with the highest attendance of merchants in a single location. The many presentations delivered at the event targeted a range of important themes including network security, application security, data security, governance risk compliance (GRC), and PCI compliance scope.

The format of holding both main plenary and break-out educational sessions enabled attendees to learn and receive updates on addressing many of the common PCI compliance challenges that organisations face. It also provided senior decision makers with critical advice on how best to ensure information security compliance and implement payment security whilst minimising complexity to keep costs low.

Iain Johnston - BSkyB

Some of the speakers included Phil Davies from Aviva UK, who presented ‘compliance in the age of austerity’, a key note presentation on the solutions that save time and money while still maintaining or improving compliance levels. In addition to Mr Davies, Iain Johnston from BskyB presented a case study, demonstrating a story of the challenges on the journey to scope reduction, highlighting the importance of risk management, projecting the interesting notion that ‘necessity drives innovation’. This was followed by Graham Thompson of Semafone, presenting a live demonstration on ‘A day in the life of a contact centre fraudster’.

Semafone live demo

The presentation was a fantastic way of underlining the importance and necessity of PCI DSS, and practical attempts to thwart the fraudster at each step of their journey. This was complimented by Raza Al-Rehman Sharif’s presentation, from Sysnet Global Solutions on the evolving threat landscape, presenting methods used by attackers of the underground economy and how organisations should use threat modelling in order to reduce the chance of liability fines and reputation damage.

Mohamed Zouine presenting The good, the bad, and the ugly of cardholder data security

Ground Labs played a major role in the event by providing both a plenary and two educational sessions throughout the day on various aspects of cardholder data discovery and the key role it plays in addressing challenges that many organisations encounter when achieving or maintaining PCI DSS compliance.

The main-stage plenary was presented by our Director of Corporate Development, EMEA, Mohamed Zouine, on ‘The good, the bad and the ugly’, offering advice on how to avoid the often repeated but rarely identified errors and mistakes that lead to a breach.

Stephen Cavey presenting how Cardholder Data Discovery can be used to identify your true PCI compliance scope.

The education sessions were led by our Director of Corporate development, Stephen Cavey, on using Cardholder data discovery to establish your true PCI scope. In the morning session Stephen provided the audience with detailed insights on where cardholder data is often found within typical organisations including some of the more interesting locations such as Emails and their attachments within Microsoft Outlook and Exchange Server, Microsoft Office files stored as Binary Large Objects (BLOBs) within Enterprise Databases and the large number of findings often encountered within compressed backup

archives that have been in storage for several years.

A live scan using Card Recon was performed showing just how easy it is to find hidden cardholder data within any type of environment and what can be done to permanently delete or remediate such findings.

Later in the day delegates returned for another session where a live demonstration of Enterprise Recon was given showing the importance of establishing automated cardholder data discovery scans to occur at scheduled intervals, thus ensuring any non-compliant cardholder data that was previously identified does not find its way back into your environment. Many people have asked for a copy of the transcript which can be requested by emailing enquiries (at) groundlabs dot com.

Europe has become the fastest growing market globally for Ground Labs and it is clear organisations throughout the region require the ability to perform accurate Cardholder Data Discovery as part of their on-going PCI compliance. This was further supported by the large numbers of delegates who requested post-event evaluations of our Card Recon and Enterprise Recon cardholder data discovery solutions.

Overall, PCI London was a very successful and well executed event and once again our thanks to AKJ Associates for all their hard work. Other sponsors in attendence were Nettitude, Veritape, Logrhythm, IP Payments, Barclaycard, Datapipe, Fortinet, Foregenix, Security Metrics, Dell Secureworks, Eckoh, HP Enterprise Security, Trustwave, Voltage, Commidea, Datacash, 4techSoftware, Digital Persona, Idera, Ingenico, Protegrity, Quarri, Quotium, Saint, Surecloud, The Bunker and The Logic Group

Stephen Cavey awarding iPad 2 prize

Ground Labs will be lead sponsors at the PCI London event in July once again. If you are looking for more information in the meantime please do not hesitate to contact our UK office on +44 203 137 9898

Posted in Global PCI Compliance Events | Tagged 4techsoftware, AKJ Associates, Aviva UK, Barclaycard, BskyB, Card Recon, Cardholder Data Discovery, Cardholder data in Databases, Cardholder data in Outlook, Cardholder Data Microsoft Office, Commidea, Datacash, Datapipe, Dell Secureworks, Digital Persona, Eckoh, Enterprise Recon, Foregenix, Fortinet, Graham Thompson, HP Enterprise Security, Iain Johnston, Idera, Ingenico, IP Payments, IPPayments, Logrhythm, Mohamed Zouine, Nettitude, PAN numbers in Exchange Server, PCI Compliance Europe, pci compliance scope, PCI DSS Compliance, PCI London, Phil Davies, Protegrity, Quarri, Quotium, Raza Al-Rehman Sharif, Saint, Security Metrics, Semafone, Stephen Cavey, Surecloud, Sysnet Global Solutions, The Bunker, The Logic Group, Trustwave, Veritape, Voltage | Leave a comment

PCI Europe Amsterdam December 2011

Posted on December 23, 2011 by mohamed.zouine

December welcomed PCI Europe, the last conference of the PCI series for 2011 this time held in the charming city of Amsterdam at the 5 star Hotel Okura.
PCI Europe is a well known PCI compliance event for the region with delegates travelling from across Europe, Scandinavia, Iceland and Russia to attend this event. The delegation included Security Professionals from Payment Service Providers, Merchants, Acquiring Banks, Issuing Banks, Retailers, Security Vendors.
The agenda of the day provided management and technical advice, examples of best practice and practical case studies. The conference detailed how organisations can overcome compliance challenges, address critical security issues, reduce the risk of a data breach and ensure an effective response should a data compromise occur.
As the Principal Sponsor of the event, Ground Labs played a key role throughout the day hosting both a main-stage presentation and educational seminars on Cardholder Data Discovery.

Mohamed Zouine, our Director of Corporate Development for EMEA presented on the identifying ‘unknown unknowns’ that exist within a typical corporate environment and how Cardholder Data Discovery can be used to eliminate this conundrum. Mohamed emphasised the significant threat of data breaches occurring and the importance of using the controls mandated by the PCI DSS as a defence mechanism to avoid being the next victim of compromise.

Ground Labs also led two education sessions, the first led by our Director of Corporate Development, Stephen Cavey. Stephen presented on the use of Cardholder Data discovery to establish true PCI scope. A live demonstration of Card Recon was shown to the audience, to explain how simple and fast Cardholder Data Discovery can be used to find many of the common storage risks that normally exist in a typical organisation. Card Recon is normally used for scanning workstations and servers to identify any unencrypted (non-compliant) Cardholder Data within documents, emails, databases, log files and a wide variety of other storage formats.

Our other Cardholder Data Discovery product, Enterprise Recon was discussed and demonstrated by Mohamed Zouine in Ground Labs’ second education session later in the day. Enterprise Recon is an Enteprise Cardholder Data Discovery solution designed to enable medium and large organisations the ability to identify all unencrypted cardholder data across an entire organisations network. In the event that unencrypted (non-compliant) cardholder data is identified, Enterprise Recon will isolate and display the findings within a centralised real-time reporting interface.
Both the education sessions and the leading presentation evoked great enthusiasm from the audience, with some describing our presentations and products as ‘extremely helpful for PCI-DSS Compliance’. A copy of this presentation can be requested by emailing enquiries (at) groundlabs dot com.

All in all, Ground Labs, once again concluded another successful PCI event, embracing the opportunity to meet key people from the industry to perceive their opinion and future vision on PCI compliance. All presentations were very useful and it was also great to meet delegates from previous PCI events and network with them. Other sponsors in attendance included AirTight, B2UNL, CSP, Foregenix, Fortinet, Protegrity, Safenet, Thales, Security Metrics, Sysnet, Tripwire, Fortytwo, 4tech software, Qualys, Verifone and Semafone.
Our appreciation goes to AKJ Associates for organising the day, we look forward to attending the next event in January which will be PCI London held on January 25 at the Victoria Park Plaza.

Posted in Global PCI Compliance Events | Tagged 4tech software, Acquiring Banks, AirTight, AKJ Associates, audit professionals, B2UNL, Card Enterprise, Card Recon, Cardholder Data Discovery, centralised real-time reporting interface, critical security issues, CSP, data breach, Director of Corporate Development, education sessions, Foregenix, Fortinet, Fortytwo, Ground Labs, Issuing Banks, leading service suppliers, live demonstration, merchants, Mohamed Zouine, Payment Service Providers, PCI Compliance tool, PCI Compliant, PCI DSS Compliance, PCI Europe, PCI project managers, PCI Scope, PCI series, practical case studies, Principal Sponsor, Protegrity, QSAs, Qualys, reduces risk, Retailers, Safenet, scans computers and servers, securing Cardholder Data, Security And Compliance Professionals, Security Companies, Security Metrics, Semafone, Stephen Cavey, storage formats, strategic and technical advice, Sysnet, Thales, Tripwire, vendors, Verifone | Leave a comment

HOSPACE November 2011

Posted on November 29, 2011 by mohamed.zouine

Upon conclusion of PCI Abu Dhabi on Wednesday, our team headed straight for Abu Dhabi Airport to fly overnight, landing in London’s Heathrow airport the next morning for HOSPACE which was conveniently being held at the Sofitel in Heathrow Terminal 5. HOSPACE is a one–day annual conference and exhibition hosted by HOSPA, the UK’s leading educational organization for professionals involved in Financial Management, Revenue Management and IT within the hospitality industry.

This event welcomed up to 400 British and international delegates to receive an informed view from an international line–up of experts, all recognized and respected in their own field about the latest key financial, revenue and IT management issues and developments.

Ground Labs had the opportunity to share it’s knowledge and experience on the risk of hidden credit card data storage with delegates, particularly focusing on insecure data storage within hotels which can result in compromise of their guests sensitive credit card information. This is often due to a lack of education in the importance of data protection and PCI compliance. Many do not realise that there are still a large number of hotels requesting guest credit card details via unencrypted email and store these details within older legacy guest management systems which do not have any levels of PCI compliant encryption or obfuscation such as masking.

Our Director of Corporate Development, Stephen Cavey, presented this information as part of the ‘Five minutes of Fame’ challenge, succeeding in having exactly five minutes and five slides to deliver his message, in an informative, entertaining and humorous way to the entire audience.

Having never attended this event before, it became apparent that PCI compliance has only recently become a focus topic of the HOSPACE events and can now be described a major priority for many hotels and other organisations within the hospitality industry. It is also important to note that Hospitality was listed as the #1 industry suffering data breach compromises in the recent 2011 Verizon Business Data Breach Report. As organisations within this industry continue to assess their risk, cardholder data security and PCI Compliance must play a key part of the risk assessment process. Ground Labs are passionate to relay the importance of this and did so to the diverse audience at HOSPACE.

The event was thus a very new experience for Ground Labs, nevertheless offering another perfect opportunity to offer our knowledge on PCI compliance and cardholder data security, helping to educate those companies formerly unaware to its significance.

Thanks to HOSPA and the Sofitel London Heathrow for a day filled with interesting and stimulating information and resources, as well as the divine Gala dinner!

Other exhibitors at the event included Orthus, Acentic, Agilysys, Atos, Beacon Purchasing , Daisy Plc, Easy RMS, Global Blue, Keystep Ltd, Procure Wizard, Rate Tiger, Serve Base,Softbrands and XN Hotel Systems.

Posted in Global PCI Compliance Events | Tagged Acentic, Agilysys, Atos, Beacon Purchasing, cardholder data security, Daisy Plc, data masking, data protection, Director of Corporate Development, Easy RMS, Financial Management, five minutes of fame, Global Blue, Ground Labs, guest credit card details, guest management system, hidden cardholder data storage, HOSPA, HOSPACE, hospitality industry, Hotel Compromise, Keystep, Mohamed Zouine, Orthus, PCI Compliance, PCI Compliance Hospitality Industry, PCI compliant encryption, Procure Wizard, Rate Tiger, Revenue Management and IT, risk of hidden credit card data storage, Serve Base, Sofitel Heathrow T5, Sofitel London Heathrow, Softbrands, Stephen Cavey, UK's leading educational organization, unencrypted email, Verizon Data Breach Report, XN Hotel Systems, ‘Five minutes of Fame’ | Leave a comment

PCI Abu Dhabi November 2011

Posted on November 28, 2011 by mohamed.zouine

This year’s PCI Abu Dhabi conference, held on November the 23rd 2011 at the Beach Rotana Hotel, once again welcomed Ground Labs to present on our knowledge of experiences in Cardholder Data Discovery thanks to the team at AKJ Associates. Acting as a strategic sponsor, we were able to experience the most comprehensive event in the Middle East on PCI DSS compliance. AbuDhabi Grand Mosque

The exclusive community brought together an audience of over 100 representatives from banks, merchants and card schemes, including PCI project managers, security, risk, fraud, and audit professionals, offering the opportunity to hear from the markets leading service suppliers about solutions that can be deployed to achieve compliance, as well as merchant perspectives on the issues they have encountered when working with vendors and QSAs.

The event was very well attended by senior security professionals from across the Middle East including Bharat Raigangar, Country Head, Security and Risk, Royal Bank of Scotland, who gave a fantastic keynote presentation on effective enterprise fraud management. Plenary sessions and education seminars focused largely on compliance management and security, including technical guidance, case studies, and examples of the best practice that can be deployed to protect sensitive data, improve business processes and meet compliance requirements.
In attendance at the event was Ground Labs’ Middle Eastern partner, Paladion Networks, who already provide QSA and IT security management services to many of the financial institutions in attendance. Their PCI DSS Service Specialist and Senior Consultant presented on understanding how to prioritize and plan remediation activities and the effective utilization of compensating controls. Other vendors in attendance included Foregenix, Fortinet, SafeNet, Sourcefire, Nettitude, Safelight and ISACA.

Ground Labs was also involved in these plenary sessions, with Mohamed Zouine presenting on eliminating the ‘unknown unknowns’ on the path to securing cardholder data. This concentrated on the threat of data breaching, avoiding the common mistakes made by organisations after finally achieving compliance, as well as having the right attitude towards PCI DSS compliance.
There were a number of great questions from the audience throughout the presentation, leading to some discussion highlighting the fact that cardholder data can be found just about anywhere and only through cardholder data discovery can such instances of PCI non-compliance be accurately identified and resolved in a timely manner. We have also been asked by a number of attendees for the script of the presentation given at this event which is available through contacting enquiries@groundlabs.com

Compared with previous PCI events that Ground Labs has attended, it is interesting to see this year, how the market is both progressively and positively growing towards PCI DSS compliance. Each year, more and more companies are attending these types of events, and Ground Labs thrives in the endless opportunities to present and educate such companies on why PCI compliance is so important in the ever changing environment of Cardholder Data.

All in all, a fantastic day of glorious sunshine, riveting company, and not forgetting, invaluable experience and advice from some of the world’s leading PCI project professionals. Our thanks once again to AKJ Associates for organizing this unforgettable event which we were privileged to attend.

For any information regarding Card Recon and Enterprise Recon, please call our EMEA team on +44 203 137 9898 or email enquiries (at) groundlabs dot com

Posted in Global PCI Compliance Events | Tagged 100 representatives, AKJ Associates, audit professionals, banks, Bharat Raigangar, card schemes, Cardholder Data Discovery, case studies, compliance management, data breaching, education seminars, effective enterprise fraud management, enquiries@groundlabs.com, Europe, Foregenix, Fortinet, Groundlabs, ISACA, keynote presentation, leading service suppliers, meet compliance requirements, merchant perspectives, merchants, Middle East, Mohamed Zouine, Nettitude, November the 23rd 2011, Paladion Networks, PCI Abu Dhabi, PCI DSS Compliance, PCI DSS Service Specialist, PCI non-compliance, PCI project managers, Plenary sessions, protect sensitive data, QSAs, remediation activities, Royal Bank of Scotland, Safelight, Safenet, senior security professionals, Sourcefire, strategic sponsor, technical guidance, vendors | Leave a comment

PCI London July 2011 – Ongoing PCI compliance a key theme

Posted on July 10, 2011 by support

Once again we have returned to London to attend the PCI London mid-year conference which was just recently held on Wednesday, the 6th of July 2011. The Victoria Park Plaza hotel played host to this ever-growing event, this time attracting over 400 delegates from organisations across the United Kingdom and Europe.

Ground Labs presented on Cardholder Data Discovery at PCI London at the Victoria Park Plaza Hotel on July 6, 2011.

Ground Labs provided live cardholder data discovery demonstrations at PCI London.

The themes and key messages delivered at this event were certainly more clear to the attending delegates, with a great focus being placed upon educating organisations on the need to effectively plan and implement controls that enable long term PCI compliance rather than treating this standard as a one-off project that requires little attention after a clean PCI Report On Compliance has been achieved.

Throughout the day delegates were offered with a wide variety of engaging presentations from independent security experts and sponsoring vendors who provided insights into their relative fields of expertise for PCI compliance and the issues commonly faced by QSAs, merchants and service providers alike.

Stephen Cavey - Director of Corporate Development presenting at PCI London on Cardholder Data Discovery

Ground Labs was heavily involved in this event, providing both plenary and educational sessions throughout the day on various aspects of cardholder data discovery and the key role it plays in addressing challenges that many organisations deal with when formulating an effective PCI compliance strategy.

This mid-year event also attracted a dramatic increase in the number of participating vendors including Protegrity, Qualys, Cipher, Blackfoot UK, Safenet, Splunk, Voltage, Barclaycard, Intel, and Dell. In total

Ground Labs Presents Cardholder Data Discovery at PCI London 2011

The London Eye and Big Ben taken from The Thames river at PCI London 2011.

over 25 vendors supported this event making for a very successful day. It is clear that the PCI London and PCI Europe events have become the leading PCI compliance events for the region, noting that AKJ associates (the organisers of this event) do not charge delegates to attend.

Posted in Global PCI Compliance Events | Tagged AKJ Associates, Barclaycard, Blackfoot, Blackfoot UK, Cardholder Data Discovery, Cipher, Cipher Security, Ciphersec, Control Case, Crytomathic, Dell, Dell Secureworks, Eckoh, Encryption, Foregenix, Fortify, Fortinet, Honeycomb, Honeycomb Technologies, Intel, Ipswitch File Transfer, Liason formerly Nubridges, Netop, Nubridges, PCI Compliance, PCI Compliance Strategy, PCI DSS, PCI DSS Compliance, PCI Encryption, PCI London, Protegrity, Qualys, Safenet, Secureworks, Security Metrics, Semafone, Semaphone, Splunk, Thales, Tokenization, Tripwire, Vadition, Verifone, Voltage Security | Leave a comment

Visa Security Summit June 2011 – Dubai

Posted on June 21, 2011 by support

Ground Labs Sponsor Stand Demonstrating Cardholder Data Discovery at Visa Security Summit Dubai

Ground Labs displayed live cardholder data discovery demonstrations to delegates attending the Visa Security Summit event in Dubai.

Our team once again attended the second Visa Security Summit 2011 held this time in Dubai on June 14 – 16 at the Grand Hyatt.

Delegate attendance consisted of financial acquirers, issuers and Visa business partners primarily from the Middle East, Africa and European regions. This also included a large contingency from various law enforcement agencies who work closely with Visa and it’s member financial institutions to track down and convict the criminals responsible for data breaches and financial fraud.

The event outline was similar to the Jakarta summit in that it covered multiple areas related to fraud and data compromise including Payment System Security and PCI Compliance, EMV Migration, Contactless Payments and Fraud Mitigation Best Practices.

The Visa Security Summit Dubai 2011 was held at the Grand Hyatt Hotel. This photo of a Dubai sunrise was taken from the 14th floor in the hotel. Dubai Airport hides in the background behind the haze.

The Dubai summit attracted various senior executives within Visa including Nigel Bath (Head-Fraud Control & Investigations International) and Mike Smith (Head, Risk Management Asia Pacific, Central Europe, Middle East & Africa) who offered presentations explaining current data compromise and fraud statistics and how Visa’s data security and fraud initiatives have been instrumental in mitigating many of the threat vectors that have evolved over the past 10+ years.

Also in attendence at the event was Ground Lab’s Middle East partner, Paladion Networks who already provide QSA and IT security management services to many of the financial institutions in attendance, and Stickman Consulting who recently expanded their global presence by opening a local office in Dubai.

Visa Security Summit 2011 Dubai Desert Sunset

An afternoon sunset in Dubai taken from the Desert Dunes on the 3rd day of the Visa Security Summit 2011.

Ground Labs’ presentation at this summit targeted financial institutions undergoing internal PCI compliance projects whilst also attempting to bring their merchant customer base into compliance. There was some great questions from the audience throughout the presentation leading to some discussion highlighting the fact that cardholder data can be found almost anywhere and only through cardholder data discovery can such instances of PCI non-compliance be accurately identified and resolved in a timely manner.

Visa Security Summit 2011 Dubai Desert Dunes

The vast desert dunes 50km outside of Dubai - taken on the 3rd day of the Visa Security Summit 2011.

Throughout the conference, it was noted on multiple occasions the strong need to be prepared for a cardholder data breach. There have been many high profile cardholder data breaches where the notification time taken to advise acquirers and card schemes was unacceptable by industry standards. Visa publishes guidelines on how to handle being breached including what to do, who to contact and when. These guidelines are available at Visa’s website In Case of Compromise site (or visit theUS link) which contains the What To Do if Compromised guideline document which outlines Visa’s recommendations for handling a cardholder data breach.

Our appreciation and praise goes out to Agnes Ng, Emoke Bitter, Mike Smith, Nigel Bath and the rest of the Visa team from Singapore who executed these 2 highly successful events in Jakarta and Dubai respectively.

Posted in Uncategorized | Tagged Advance Authorisation, ATM Compromise, ATM Security, Cardholder Data Discovery, Contactless Payments, Dubai, Emoke Bitter, EMV Migration, Grand Hyatt, Head Fraud Control & Investigations International, Head Risk Management Asia Pacific Central Europe Middle East & Africa, Jakarta, Michael E. Smith, Mike Smith, Nigel Bath, Paladion Networks, PCI Compliance, PCI DSS, PCI Scope, Visa, Visa Country Manager, Visa Security Summit | Leave a comment

Visa Security Summit May 2011 – Jakarta, Indonesia

Posted on June 1, 2011 by support

Ground Labs was proud to sponsor and present at the Visa Security Summit 2011 in Jakarta held on the 24th – 26th May 2011. This summit brings together financial institutions and Visa business partners from across the Asia Pacific region to address the ongoing threat of payment fraud and growing data security issues that we are faced with as an industry.

Ground Labs Sponsor Stand Displaying Cardholder Data Discovery at Visa Security Summit Jakarta

Ground Labs displayed live cardholder data discovery demonstrations to delegates attending the Visa Security Summit event in Jakarta.

With over 300 delegates in attendance, the event covered a broad variety of topics including fraud detection through advanced authorisation, ATM compromises, Verified by Visa with Dynamic Authentication, Successful EMV/Chip case studies and other relevant industry topics.

The event was fortunate enough to attract some of Visa’s most senior risk and fraud executives including Ellen Richey (Chief Enterprise Risk Officer), Eduardo Perez (Global Head Payment System Security) and Ingrid Beierly (Director, Cyber-Security & Investigations) who all presented at different points throughout the summit on Visa’s initiatives to fight evolving payment fraud patterns that have lead to criminal convictions globally.

Also in attendance were 2 of our Asia Pacific partners, Stickman Consulting and Vectra Corporation. Both partners were event exhibitors promoting their innovative PCI compliance solutions for financial institutions and merchants which included our Card Recon and Enterprise Recon cardholder data discovery software solutions.

Ground Labs presented on PCI compliance challenges faced by the merchant community including the dangerous situation that exists from Level 2 – 4 merchants who are undergoing the self-assessment and SAQ sign-off process without fully understanding the content of the PCI DSS or the ramifications that a simple oversight could create. This is an evolving issue as the number of smaller merchants being compromised continues to grow. Once again we demonstrated how Cardholder Data Discovery can highlight many areas of non-compliance and risk within a merchant environment and help an organisation understand it’s true PCI compliance scope.

Visa Security Summit 2011 2011 in Jakarta City - The future of dynamic business

Jakarta City - the location of this latest Visa Security Summit 2011 series which attracted payment card industry fraud and security professionals from across the region.

The event format run by Visa was first class and highlights just how an organisation like Visa functions and presents it’s trusted brand to the world. The Hotel Mulia was clearly one of Jakarta’s top hotels with five-star facilities and the highest level of physical security we have seen to date. On the subject of Indonesia, the event keynote address was provided by Ellyana Fuad, Visa Country Manager for Indonesia who offered some amazing insights on Indonesia and it’s people including the interesting fact that Indonesia currently ranks #3 in the world for Facebook usage and has the highest % of it’s population using Twitter compared with all other countries. These figures demonstrate the massive future growth potential of this region, particularly in areas of technology, banking and payments including PCI compliance…

The next Visa Security Summit will be held from the 14th – 16th of June 2011 in Dubai at the Grand Hyatt Hotel.

Posted in Global PCI Compliance Events | Tagged Advance Authorisation, ATM Compromise, ATM Security, Cardholder Data Discovery, Chief Enterprise Risk Officer, Director Cyber-Security & Investigations, Eduardo Perez, Ellen Richey, Ellyana Fuad, Global Head Payment System Security, Indonesia, Ingrid Beierly, Jakarta, Mulia Hotel, PCI Compliance, PCI DSS, PCI Scope, Visa, Visa Country Manager, Visa Security Summit | Leave a comment

PCI Dubai May 2011

Posted on May 16, 2011 by support

Ground Labs Sponsorship of PCI Middle East May 2011

The Al Murooj Rotana Hotel - Venue for PCI Middle East (Dubai) in May 2011

We have once again returned to the Middle East, this time taking part as a key sponsor of PCI Dubai, held at the Al Murooj Rotana hotel on the 12th of May 2011.

Like all of the PCI series events run by AKJ Associates, it was well planned offering a balanced mix of plenary session and educational activities that delivered a broad variety of content for PCI Compliance. All delegates that we had the opportunity of speaking with said they found the event informative and helpful towards their PCI Compliance programs. The catering of the event also deserved a special mention.

Attending the event was a broad variety of financial institutions, airlines, insurers, multi-national conglomerates and many well-known brands from across the Middle East including Dubai, Abu Dhabi, Qatar, Saudi and other major cities from the region.

The Burj Khalifa (Dubai)- The Worlds Tallest Building

As the event’s principle sponsor, Ground Labs offered presentations in various forums throughout the day on topics related to cardholder data discovery for PCI compliance. The presentations explored various factors that often hinder PCI compliance efforts including user behaviour, system administrator bad habits, and assumptions from management on handling practices traditional auditing techniques that were previously relied upon by QSAs.

Also highlighted was the strong need to ensure PCI compliance scoping is approached correctly from the very beginning. Once compliance is achieved the intensity and focus must not stop – it is critical to implement a long term plan to monitor and maintain compliance. All too often we see and hear about organisations who achieve PCI compliance and then allow their compliance programme come to a halt with few resources committed to the ongoing upkeep of compliance.

In summary, this was once again a fantastic event that offers great support for organisations interested in PCI Compliance within the Middle East Region.

The Dubai Mall

The next event in this region is scheduled to occur in Abu Dhabi on the 28th of November 2011. For more information please visit: http://www.pci-portal.com/pci-middleeast/

Posted in Global PCI Compliance Events | Tagged AKJ Associates, Al Murooj Rotana Hotel, Burj Khalifa, Cardholder Data Discovery, Dubai, Dubai Mall, PCI Compliance, PCI Middle East, PCI Scoping | Leave a comment

eCrime France 2012

PCI London January 2012 – another great gathering

HOSPACE November 2011

PCI London July 2011 – Ongoing PCI compliance a key theme

Visa Security Summit June 2011 – Dubai

Visa Security Summit May 2011 – Jakarta, Indonesia

PCI Dubai May 2011

Recent Posts

Recent Comments

Archives

Categories

Meta