MasterCard 2011 Payment Card Security Summit Johannesburg, South Africa February 15-18, 2011 INNOVATE. COLLABORATE. EDUCATE.

Transcription

1 MasterCard 2011 Payment Card Security Summit Johannesburg, South Africa February 15-18, 2011 INNOVATE. COLLABORATE. EDUCATE. Tuesday February 15, 2011 Registration & Welcome Coffee 08:00 09:00 General Session: 09:00 17:00 Opening Address and Welcome Remarks 09:00 09:20 The Evolving Fraud Landscape: A customer panel analyzing fraud trend and successful mitigation strategies 09:20 10:10 Panelists: Gavin Wasserfall (ABSA), FNB, Ian Potgieter (MasterCard Dubai) Moderated by: Barry Wong, Senior Business Leader, MasterCard Worldwide This panel of diverse customer representatives will discuss the challenges that they are facing in their respective markets of SAMEA. Find out about the trends they are seeing and the best practices their companies have put in place that have resulted in success stories. Hear about how they are managing their portfolios and the inherent issues that go along with their jurisdictions Data Protection How it can be Compromised Dr C.P. (Buks) Louwrens, Nedbank 10:10 10:50 Brief discussion of how a combination of old tricks and new digital forensic cryptographic technologies make it possible to overcome some traditional data protection measures. Some of these techniques will be practically demonstrated. Coffee Break / Exhibitor Introductions / Networking 10:50 11:20 The Growing Threats in the Global Marketplace John Yeo, Trustwave 11:20-12:00 The 2011 Trustwave Global Security Report correlates data from hundreds of compromise investigations and thousands of penetration tests conducted in more than 40 countries in This year s edition offers a unique analysis of the world's information security weakness and defence capabilities, including the newest threats businesses will face in The report also analyses the shift in attack vectors over the past 30 years from physical threats in the 1980s to those arising from mobile computing and social networking in AGENDA 1

2 A Recipe for Staying Out of the Headlines: An Investigator's Perspective Into the Current Cyber Crime Landscape Andrew Bonillo, Principal, Investigative Response, Verizon Business Bryan Sartin, Director of Investigative Response, Verizon Business 12:00 13:00 The information security threats we face are a constantly changing landscape. Delivered by representatives from the Verizon Business Investigative Response Team, this presentation will cover the most recent evolutions in cyber crime with a particular emphasis on the compromise of cardholder data. The discussion will center around risk-driven metrics and statistics taken from real world computer forensic investigations and will cover victim company demographics, data breach sources by region and attack vector, intrusion entry points, organized crime involvement, attack leading indicators, key risk mitigators based on experience, among others. Lunch / Exhibitors / Networking 13:00 14:00 Effective Communication Strategies around Fraud and ADC Events Chris Harrall, Senior Business Leader, MasterCard Worldwide 14:00 14:30 This session will provide an overview on the end-to-end approach on ADC including the role and responsibility that each stakeholder plays on the issues related to ADC Event Management, Crisis Communications and Regulatory Focus. POI Manipulations Risk Diversion Peter Fryer, Director Operations, Risk Diversion (Pty) Ltd. 14:30 15:15 Peter will share examples and were possible demonstrate POI manipulation. In addition to this we will share best practices in order to avoid becoming a target. Coffee Break / Exhibitors / Networking 15:15-15:40 How to Succeed at Achieving PCI John Verdeschi, Senior Business Leader, MasterCard Worldwide 15:40 16:20 Becoming and maintaining PCI compliance can seem daunting. This presentation will highlight common misunderstandings and misinterpretations made regarding PCI and a strategy to achieve on-going compliance. It will also include an update on the PCI Security Standards Council s standards lifecycle; learn about the new updates for the 2010 release of the DSS, PA-DSS, PTS; and the emerging technology framework. A Customer s Perspective on Achieving PCI Compliance Cowyk Fox, Chief Operating Officer: ABSA Card; Wenlock Free, VP Business Development, SecurityMetrics, Bryan Sartin, Director of Investigative Response, Verizon Business 16:20 17:00 First hand view from a banking institution discussing their experiences while becoming PCI compliant. Cocktail Reception Event (Co-Sponsored by Norkom) 18:00 19:00 Dinner (Co-Sponsored by Trustwave) 19:00 21:00 AGENDA 2

3 Wednesday February 16, 2011 Managing Payment Card Fraud - Effective Legislation Advocate Jan Henning, Deputy Chairperson of the Financial Services Board Enforcement Committee, S. Africa 9:00 9:40 Making use of Local Legislation in order to prosecute and receive effective jail terms for Credit Card fraud. Managing Key Processes and Best Practices to Curtail the Impact of Fraud Tim Buckingham, Litigation Partner, DLA Piper UK LLP 9:40 10:30 The first weeks after a fraud has been detected can be pivotal in recovering money or minimizing losses. Using actual examples, this session will look at common issues arising out of fraud, and some best practices to develop to assist in investigating the fraud, and minimizing the impact of fraudulent activity. Learn about the significance of proper document management, the appropriate third party communications, techniques to interview a suspected fraudster and working with the authorities on cross border fraud to determine how and when to look at civil remedies. The Data-Driven Fraud Fight: Putting Analytics and Performance Metrics to Work for You Christine Brundage, Global Solutions Leader, MasterCard Advisors Leveraging data in the form of fraud lifecycle performance metrics and analytic outcomes allows organizations to gain a deeper understanding of their business. This session will explore how to use this information to make smarter decisions and gain new insights, from prevention and detection to recovery. 10:30 11:00 Coffee Break / Exhibitors / Networking 11:00-11:20 The Changing Face of Payments Gary Byrne, Region Lead for Product Support & Deployment MasterCard Worldwide 11:20 12:00 Attendees will learn how their CHIP investment can be leveraged through new secure payment applications, including Mobile Commerce and Paypass solutions. Discussion on the latest Trends in Card Payments: Evolutionary Products and Technologies (Contactless, NFC, Chip, Mobile, Display Card, etc.) Aggressive Marketing Practices: Identifying Areas of Increased Scrutiny in the Payment System Bob Caldwell, Partner, G2 Web Services, LLC 12:00 12:45 This session will provide you with a comprehensive overview of the areas of scrutiny for some ecommerce merchant practices. Understand the types of vulnerabilities in business practices and potential areas of increased scrutiny. Identify trends and return to your company with increased understanding of the types of inquiries that should be a part of enhanced due diligence. Lunch / Exhibitors / Networking 12:45 13:45 Understanding Your Fraud Business to Better Partner with Out-source Vendors Christine Brundage, Global Solutions Leader, MasterCard Worldwide 13:45 14:25 In today's market, many issuers choose to partner with third-party vendors to manage their fraud program. This partnership takes many forms, but in all forms, one thing is certain - you must understand all aspects of your fraud business to gain the most benefit from this arrangement. In this session, learn how issuers can gain new insights and use this information to optimize the relationship with their vendors. AGENDA 3

4 Effective Fraud Reduction Strategies Through Better Analytics and Real-Time Scoring John Verdeschi, Senior Business Leader, MasterCard Worldwide 14:25 15:10 Fraud is constantly evolving and can occur on both compromised and non-compromised accounts. Issuers face a significant challenge in monitoring transactions for fraud and make spilt-second decisions on authorizing or declining transactions, closing accounts, and possibly reissuing accounts. To do so effectively, issuers need to be confident in their decision making capabilities and require an objective viewpoint on fraud prediction. In this session, participants will learn about the MasterCard Expert Monitoring Solution and Compromised Account Service, and hear about how these technologies can generate tremendous results in the war on fraud. Coffee Break / Exhibitors 15:10-15:30 Update on MasterCard Compliance Programs Paul Paolucci, Business Leader, MasterCard Worldwide 15:30 16:30 Card Security & ARM Products Update Ravi Aurora, Senior Business Leader, MasterCard Worldwide 16:30 17:00 Closing Remarks: End of Security Summit 17:00 17:15 Thursday February 17, 2011 PCI: Lessons to be Learned from Data Breaches Joshua Knopp, Business Leader, MasterCard Worldwide Examine case studies based on real world forensic investigations that will help you learn to recognize the warning signs that present themselves prior to an account data compromise. Review the detection and prevention practices that your organization can implement to prevent a potentially damaging breach from occurring. See Agenda below: 9:00 17:00 PCI Training Agenda Welcome & Introductions Security Landscape and Account Data Compromise Trends Updates on the PCI Security standards Council Coffee Break Overview of the PCI Data Security Standards Lunch Case Study Approach to Implementing PCI Requirements: Small & Medium Merchant Case Studies Coffee Break Case Study Approach to Implementing PCI Requirements: Medium Merchant and Large Processor Case Studies AGENDA 4

5 Friday February 18, 2011 (Location: MasterCard Office: 16 Floor, Sandton City Office Tower Cnr Rivonia Rd and 5th Street, Sandton :00 15:00 E-Commerce Merchant Boarding and Monitoring Procedures (With specific focus on High Risk Merchant categories) Bob Caldwell, Partner, G2 Web Services, LLC Paul Paolucci, Business Leader, MasterCard Worldwide 9:00 17:00 This interactive session will allow you to get your questions answered on how to best identify and manage your risk mitigation associated with MasterCard Rules and to employ best practices in early warning and detection of potential and current industry schemes. Hear directly from MasterCard Fraud Detection and Review business leader and the industry experts in risk monitoring, G2 Web Services, to best understand the MasterCard compliance programs, including registration, reporting requirements, monitoring and detection. Return to your company with a better sense of MasterCard s approach to protecting the payments network and steps to improve your own compliance. As an attendee, you will: Gain a comprehensive understanding of the MasterCard Compliance Programs that can help you optimize operations and reduce remediation time Be the first to hear about the new programs and enhancements that are in development to streamline the compliance process for MasterCard customers Network with peers, share ideas and make suggestions around improving program monitoring and execution Learn how to minimize the risks associated with compliance and how to better protect your business reputation and potentially reduce non-compliance events. Examine case studies based on real world forensic investigations that will help you learn to recognize the warning signs that present themselves prior to an account data compromise. Review the detection and prevention practices that your organization can implement to prevent a potentially damaging breach from occurring. AGENDA 5