WestinTokyo1407565650

How Cyber-Secure Is Japan, Really? That Question Answered, and More, at PCI Tokyo

A lot of the data breach stories we read about seem to focus on America. Even with cyber attacks and threats against Sony Pictures, which lead to The Interview not making a theatrical release, felt more like an American story than a Japanese one.

Make no mistake, though: Japan faces a great deal of cyber-crime, even if we aren’t always reading about it.

A report by Trend Micro titled ‘The Japanese Underground’ showed that in 2014, the number of potential cyber crime cases went up a staggering 40%.

The financial damage from illegal online bank transfers in the same year totalled US$24 million.

Given that e-commerce market in the APAC region is even more vibrant than in the entire of NA, and that CNP fraud is the fastest rising type of fraud in the APAC region, it’s easy to see that if things don’t change, the future of credit card payment in Japan is grim.

Fortunately, things do look like they are about to change.

 

CRQLQ3uUsAA5kfg

 

At the PCI Tokyo conference held two weeks ago, data security experts met to learn more about the state of data security in the region as a whole, as well as take part in discussions that could lead to solving the current data breach crisis.

One of the key takeaways from the conference is that Japan is actively working on making payments safe both for its residents as well as tourists. One of the reasons they are doing this is to prepare for the 2020 Tokyo Olympic and Paralympic games, where they are expecting to see a gargantuan crowd of people shopping with their credit cards.

Methods they are employing include eliminating malicious merchants, and increasing the number of EMV-enabled terminals used all over Japan.

 

Is the PCI Standard Working?

Interestingly enough, another common theme at the PCI event seemed to be the effectiveness of the standard, which comes under fire every time a company gets breached despite having attained PCI compliance.

The resounding opinion is that the reason many companies get breached despite meeting compliance standards is that they treat PCI compliance like Christmas; like security is a special thing you only pay attention to once a year during an audit.

 

CRUdLFKVAAAHJSt

 

Here are some of the key points raised by various speakers regarding the issue:

  • PCI’s focus is preventing CNP data from being compromised, not preventing compromised CHD from being used.
  • Of all the payment data breaches investigated in the last 10 years, not a single organization was found PCI DSS compliant at the time of the breach.
  • Security is seeing the business value in using PCI compliance controls.
  • PCI DSS can be a good pointer for other security goals
  • The question is not what is safe or unsafe, but what is acceptable or unacceptable.
  • It’s impossible to remove every risk, but it is possible to keep that risk at an acceptable level.

 

Ground Labs @ PCI Tokyo

As with every PCI conference, we at Ground Labs were busily showcasing our next-gen data security solutions, and it was great meeting a lot of QSAs that operate only in Japan.

We heard from them the usual horror stories we get all around the world, like how clients they audit still use the default network passwords.

Overall, we can definitely see Japan moving forward towards a more secure future, and we are excited to see the government create an environment where everyone feels safe paying with their credit cards.

And that’s only partially because the Japanese Yen coins weigh a little too heavy in our pockets for our liking.

What Does Data Security Look Like in MENA?

The PCI Security Standards Council hosts some of the best data security conferences on the entire planet, and best of all t is that each conference is tailored specifically to the region it’s held in.

Interestingly enough, at the recent 2015 Middle East Forum held in the Conrad hotel, Dubai, the focus was not as much on preventing credit card fraud. More rudimentarily, it was about the need to convince nervous consumers in an emerging market that credit card fraud is nothing to be afraid of.

A Big But Hesitant Market

Commerce in general is booming in MENA, and there’s currently a mad scramble to get into the market before it matures, to start earning customer loyalty early.

Plenty of international e-commerce companies are trying to get a slice of the fresh, tasty pie as well, but customers aren’t biting as hard as they are elsewhere in the world.

An estimated 56% of consumers surveyed named credit card fraud as their number one concern regarding online purchasing, and given the absurd number of hacks taking place around the world on a daily basis we don’t really blame them.

The PCI Council’s International Director Jeremy King delivering an opening speech at this year’s PCI Middle East Forum

The temporary situation comes in the form of prepaid cards, which are being used quite widely. Consumers can charge these cards beforehand, and use these cards in their online payments to ensure that their credit card numbers never enter a merchant’s database (if you’d like to learn more about prepaid cards, check out this blog article.)

In reality, prepaid cards do not really help negate the risk – they do little more than provide a placebo sense of security.

The real solution is creating an online payment environment that users will feel safe using their cards in.

That dream is one that the PCI DSS council works towards fulfilling, along with merchants and data security experts from around the world.

MENA At A Glance

Is the region worth tapping into? With 175 million MENA internet users, an $18 billion growth in credit card usage, and a projection that 80 million MENA consumers will be using mobile banking by 2017, we have to respond to that rhetorical question with a sarcastic yet very respectful “duh”.

How safe, though, is MENA in comparison to the rest of the world in terms of data security? One key indicator is the fact that 86.3% of terminals are chip-enabled, compared America who have only just started using the technology in the last year. Riding on the commerce boom, new technologies like ApplePay and biometric payment methods are also projected to be less than 2 years away, assuming they prove worth implementing.

The malls in Dubai get a lot of organic traffic, so retailers do not feel the need to go the extra mile to pull in customers.

None of this is to say that the PCI compliance is not a priority in MENA- on the contrary, quite a few well-known Emerati companies were in attendance at the event.

Word on the floor, though, is that in the banking industry, PCI compliance is compulsory for banks in Saudi Arabia, but not yet the UAE.

Only the top 4 acquiring banks in UAE are held to the council’s standards for credit card security, while the other 50 or so banks are not strictly regulated.

No Need To Try Harder, Because No One Else Is Trying Either

In Dubai, not many websites are currently offering e-commerce solutions at the moment. One Dubai resident that I spoke to lamented that not many commercial websites offer anything more than the bare bones [homepage/about us/products/contact us] page combo. Because tourism is so rich in Dubai that store walkin-in traffic is already organically high, there really isn’t a need to try harder to get customers.

But given that commerce is growing faster than they can build a Disneyland AND a Universal Studios in Dubai, it’s only a matter of time before consumers make online payment a staple, and hackers start taking notice.

But just as merchants are concerned with slowly nurturing their businesses in the region, so should PCI compliance grow into a mandatory business need. Because if online payment takes off while PCI compliance doesn’t, it’s going to spell very bad news for everyone, except the hackers.

(Image source)

Ground Labs at the PCI Security Council Asia-Pacific Community Meeting

The Ground Labs Team has travelled to over 7 payment card industry related conferences this year, and it’s not just because we love racking up frequent flyer miles- for us, mingling with other members of the data security community and showcasing our products is one of our top priorities, and one that we relish.

And it’s not been without purpose, either- at this year’s PCI Asia-Pacific Community Meeting held in Sydney, Australia, it seemed we have become something of a household name for many QSAs in the region. It was amazing talking to people who use our products on a frequent basis, and hearing their inputs on how we can further improve upon our data discovery tools.

Of course, the main highlight of these events is the talks by distinguished members of the PCI Council, as well as data security experts from around the world.

As with all PCI Community Meetings, the key focus was the future of the payment card industry. Jeremy King, the International Director of the PCI Security Standards Council (PCI SSC), opened with a very stern, hard-hitting fact- that cybercriminals are much more focused and efficient than we are. While security is not a top priority for many of us, it is for criminals, which is why the good guys often find themselves on the losing end.

King also warned of the dangers of the world getting more connected, that the more of our gadgets and gizmos come equipped with chips and internet connectivity, the more at risk we are. Shara Evans, a Technology Futurist (how cool is that), backed up this fact, by delivering a flashy presentation showing off new emerging technologies and how they could pose a threat to security. Some examples include pacemakers that can potentially be dealt a 830v shock from 50m away, and drone technology that can be used to spy on the public, even reading credit card details from the sky.

Speaking of the sky, Sydney has some excellent rooftop views.

There was also a lot of talk revolving around the PCI Data Security Standard (PCI DSS). PCI SSC council members Troy Leach, Emma Sutcliffe and Gareth Bowker gave a shared presentation on the PCI Technology Update.

One interesting statistic shared is that only 1 in 9 companies could meet PCI standards the year after they had been declared PCI compliant, which shows that more emphasis needs to be placed on maintaining compliance. Currently, many vendors are placing too much reliance on annual assessments, failing to adapt to new changes, and putting compliance aside to meet other business needs.

Chris Novak, the Managing Principal of Global Investigative Response from Verizon, further elaborated on the Verizon Data Breach Incident Report 2014, and included some most-welcomed additional statistics not included in the report. One of the things he said he hears often is that a lot of people who suffer breaches ask why they were targeted, when their competitors seem to be more lucrative targets. Novak’s answer is simple: you were simply more vulnerable. 73-75% of breaches are opportunistic in nature, and hackers are not above going for low-hanging fruit.

One of the show highlights, though, had to have been the appearance of the new GM for the PCI Council, Stephen Orfei. Taking the stage to the tune of Eminem’s ‘Lose Yourself’, Stephen was quick to dismiss the notion of EMV chip cards as the silver bullet America is waiting for, and that card-not-present transactions are just as at risk as ever.

Orfei also addressed the demand for a PCI DSS for the mobile territory- while it’s incredibly difficult to create a standard for the platform, it’s one of their key focuses, and while a standard may be some time away, guidelines might be something closer in the horizon.

All in all, it was a great conference- we got to touch base with existing contacts, and make many new ones as well. We’re looking forward to next year’s PCI Asia Pacific Community Meeting in Tokyo so much, we’re picking up Japanese. こんにちは!

Who Controls Our Data? A Common Theme at the MasterCard Academy of Risk Management

With online credit card fraud only continuing to rise, the latest MasterCard Academy of Risk Management event reminded us that the only way to fight this threat is together as an industry.

Kicking off the Asia Pacific segment of the event series in Kuala Lumpur, Malaysia, the General Counsel and Chief Franchise for MasterCard, Tim Murphy, reminded us that EMV and Tokenisation are important tools in the fight against hacking. This advice is particularly relevant for retail given the number of major US retail chains suffering a credit card data breach recently.

Balance was a key theme that was stressed throughout the conference; Tim and the other event speakers reiterated that that businesses need to earn the trust of their consumers through a sense of security, but at the same time this should not get in the way of them providing a quality customer service experience.

The Senior Regional Counsel for Privacy Data at MasterCard, Derek Ho, also emphasized the need for balance when dealing with sensitive data, asking hard-hitting questions like where the line should be drawn when deciding who gets to control data, and to what degree.

The lucky winner of our iPad Mini giveaway, Poon Hoe Meng

Derek spoke at length about the laws and penalties countries are adopting to force companies to take data protection more seriously. He strongly believes that more data breach laws are on the horizon, and that Japan is a country worth keeping an eye on, as they try to find a balance between using data in a big data world and respecting the individuals right to control the use of data.

Representatives from law enforcement also presented and revealed the current cyber crime trends, even giving insights into the minds of internet criminals. The Detective Chief Inspector attached to the Counterfeit & Forgery Section of the Hong Kong Police, Ian Cowieson, shared the alarming statistic that Card Not Present online fraud has an abysmal 4% detection rate. Rebecca Ledingham from Interpol shared profiles of malware developers they have caught, and the fact that they all share very similar backgrounds and psychological patterns. So the good news is the bad guys are being actively chased by international law enforcement. The bad news is that new criminals are surfacing all the time given the high ROI a successful data breach can generate.

Ground Labs supported the Mastercard event as a sponsor and contributed to the knowledge exchanging throughout the event. As the broader industry knows well, the Asia region is lagging far behind its European and North American counterparts for security compliance initiatives due to a lack of compliance enforcement. However, given the level of interest shown towards PCI compliance and data privacy by attendees, it’s a positive sign that sensitive data security & protection will be given the attention it deserves by businesses in the region, once more compromises are announced in the public domain through mandatory data breach disclosure.

On the heels of last week’s solid event, MasterCard is getting ready for the next leg of the MasterCard Academy of Risk Management series, which will be held in Dublin, Ireland, from September 29 to October 2, 2014. The event is set to cover a wide range of important topics such as European fraud trends and data security threats impacting the region.

Ground Labs will once again be attending and sponsoring the event, and we are looking forward to more great learning and sharing opportunities with other industry professionals.

PCI London January 2014

With the recent announcements from some major US retailers suffering a data breach over the December – January holiday period, this year’s PCI London event came at just the right time.

As expected, a great deal of discussion revolved around these recent US data breaches and it was also the first PCI London to occur since the PCI DSS 3.0 draft standard was released

PCI London Plenary Session

last year. All these factors combined resulted in the largest number of attendees since the event started 5 years ago, drawing over 400 end-user delegates and a maxed-out vendor showcase floor.

Presentations throughout the day covered a variety of topics starting with Jeremy King from the PCI Security Standards Council discussing the applicability of PCI Compliance in a world that is continually changing.

Ron Khalifa from Worldpay gave an aquirers perspective on PCI compliance, discussing

PCI London Vendor Showcase

the challenges of assisting a large customer base become PCI compliant and later in the day, Chris Mark from AT&T gave the keynote address reflecting on his 10+ years in PCI compliance. We all know of Chris from his days running the famous PCI Answers portal which eventually became the Aegenis Group with Mike Dahn and team.

Ground Labs Education Session – Cardholder Data

Ground Labs presented on the latest Cardholder Data Discovery strategies with particular focus on the ability for Card Recon and Enterprise Recon to search system memory as a combat against memory scraping malware used in the recent US data breaches. There was considerable interest in Card Recon 2.0’s latest features which included Cloud Storage scanning and Remediation using Cardholder Data Masking.

On the main floor Ground Labs along with many of our

Cardholder data discovery demos at PCI London

partners and friends including Nettitude, Veritape and YesPay were networking with the attendees, answering questions about PCI compliance and Cardholder Data Discovery whilst giving live demonstrations of Card Recon and Enterprise Recon.

The day finished off on a high note with John Elliott from Visa Europe giving an

John Elliott from Visa Europe on PCI DSS 3.0

entertaining Q&A session on PCI DSS 3.0 answering questions like Is Visa PCI DSS 3.0 Compliant? (Of course not… The standard has barely had time to breathe) through to What is the biggest impact PCI DSS 3.0 has on merchants.

John answered every question in his unique and fun manner with plenty of laugh’s being heard throughout the audience. It was clearly the most engaging presentation we have ever seen in the final time slot of PCI London and hopefully will encourage more attendees to hold back until the very end next year if we can encourage John to speak again in this format.

On a historical note, John used to be a QSA and was one of Card Recon’s greatest supporters, and provided fantastic product feedback which has helped Card Recon become the tool it is today.

The next PCI London event will be held on July 1, 2014. Please visit the PCI series event website for more information.

PCI SSC European Community Meeting Dublin – October 2012

The PCI SSC European Community Meeting was held in Dublin Ireland at RDS.

The PCI SSC European Community Meeting was held in Dublin Ireland at RDS.

Following on from the North America Community Meeting held in Orlando last month, the Ground Labs team traveled onto Dublin where the PCI council held it’s European Community Meeting at the Royal Dublin Society (RDS).

Whilst this was a smaller event compared to it’s North American counter-part, there were still over 500 attendees including a large number of QSA’s present from all parts of Europe and a small delegation from the Asia Pacific region.

Jeremy King on stage at the European Community Meeting

Jeremy King on stage at the European Community Meeting

As always the PCI council’s European Director Jeremy King lead this event and highlighted the rapid advancement of PCI Compliance across Europe including the high level of involvement from European stakeholders involved with the council.

The special guest speaker for Europe this year was Mark Gallagher of Status Grand Prix. Mark provided an interesting presentation highlighting many lessons he has learned throughout his F1 career.

Mark Gallagher of Status Grand Prix presents on how managing an F1 team is similar to a security team upholding PCI compliance.

Mark Gallagher of Status Grand Prix presents on how managing an F1 team is similar to a security team upholding PCI compliance.

Mark was able articulate how many of the challenges his team’s have faced are similar to problems we as a Payment Card Industry are challenged by on a constant basis. It was very clear by the end of the presentation that no matter whether you are responsible for securing payment cardholder data, leading an F1 team to victory or running any other type of business, the importance of sound risk management, team building, or ensuring a focus on your client’s needs are important elements to achieving success.

The agenda was similar to North America with topics covered on the Council’s current initiatives including Point-to-Point Encryption, Qualified Integrators and Resellers (QIR), and the new Payment Card Industry Professional Program (PCIP).

Also presenting on stage was Nick Percoco of Spiderlabs who provided insights into current mobile security threats. Nick provided a series of live demonstrations showing exploits in

Whilst visiting our team enjoyed seeing the city sights of Dublin

Whilst visiting our team enjoyed seeing the city sights of Dublin

Vigitrust hosted the welcome party at Cafe En Seine in Dublin

Vigitrust hosted the welcome party at Cafe En Seine in Dublin

both Apple and Android mobile operating systems. In one particular demo Nick demonstrated an Android exploit whereby the login page of popular apps such as mobile internet banking or Facebook could be overlaid with a fake login page designed to capture and transmit login information to a remote host. Ironically after contacting Google to alert them about this potential exploit, Google’s response was that it is a feature and will not be fixed! The mobile world clearly plenty of attack vectors that will continue to be exploited, particularly as the growth of smart phones and tablets is predicted to hit 2 billion devices by 2015 (that’s a little over 2 years away..)

As with many of the PCI SSC’s events there were some great party’s held at the end of each day. On day #1 (22/10), Vigitrust held a welcome after-party at Cafe En Seine in the heart of Dublin. This french-themed cafe/bar venue offered all delegates the opportunity to meet in relaxed setting over local beers and wine. On the final evening Vendorcom held a final party at the world renowned Guinness Store-House.

The Vendercom after party held at the Guinness Store-House

The Vendercom after party held at the Guinness Store-House

The Guinness Beer Making Process

The Guinness Beer making process on display at the Guinness Store-House

The night included a brief tour on the way up to the event room showing when the Guinness Brewery started and how Guinness Beer is made. And of course almost everyone was drinking the dark stuff all night and enjoying it too (as the photos will show!).

Back at the event, Ground Labs along with a strong showcase of over 30 PCI compliance vendors were present for attendees to visit over the 2 main days of the event. Other vendors present included Airtight Networks, Xypro, Alert Logic, Vormetric, Aperia Solutions, Voltage Security, Cisco, Vigitrust, Comforte, Verizon, Control Case, Veritape, Dell Secureworks, Verifone, Firehost, Trustwave, Fishnet Security, Sysnet Global Solutions, Foregenix, SSH Communications Security, IOActive, Semafone, iScanOnline, Security Metrics, Liaison Technologies, SAINT, Mako Networks, Protegrity, Pixalert, and NNT Security.

PCI SSC Europe Community Meeting - iPhone5 Winner

The happy iPhone5 Winner – Kunal Taneja from AFS

And finally, a special congratulations must go to Kunal Taneja from AFS who was the the lucky winner of our iPhone 5 prize draw. Congratulations Kunal and watch out for that new Apple maps app!

To view all the event photos please logon to Facebook page and give us the Thumbs Up on anything you liked. Direct Facebook links are shown below:

Main event photos | Vigitrust party photos | Vendorcom party photos

Alternatively the photos are also available on flickr:
Main event photos | Vigitrust party photos | Vendorcom party photos

PCI SSC North America Community Meeting Orlando – September 2012

The PCI Security Standards Council held it’s 6th annual

Disney's Dolphin resort - home to the 6th PCI SSC annual community meeting

Disney’s Dolphin resort at Disney World in Orlando

community meeting, this year at the Dolphin Resort in Disney World on September 12th – 14th.

Over 1,000 attendees were present over this multi-day event consisting primarily of QSA’s and PCI participating organisations including payment processors, large

September 2012 - PCI SSC Orlando

PCI SSC North America Community Meeting – A Mountaineering Bob Russo delivers a warm welcome to all.

retailers, airlines, telco’s and a variety of other industry categories where PCI compliance is a critical part of staying in business.

Bob Russo the PCI SSC general manager opened the event up as always with a fun and quirky theme, this year focussed on mountaineering with yodeling added for affect and reminded all delegates about the importance of working together as an industry to fight the ever

PCI Security Standards Council Community Meeting Attendees

Over 1,000 attendees were in attendance at this year’s PCI SSC Community Meeting

persistent threat of fraud stemmed from security breaches involving cardholder data.

The mountaineering topic moved nicely to welcome the event’s guest of honor, Jamie Clarke who delivered the keynote address “Above All Else”. Jamie told a story of his climb to Mount Everest and how everyone should set audacious goals or “Your summit” as he called it and then go for it. A great motivational moment for all in attendance.

At the event generally there was plenty

PCI SSC General Manager - Bob Russo

Bob stopping by to say Hi! – Bob Russo (General Manager, PCI SSC) and Mo Zouine (EMEA Director, Ground Labs)

of talk about the Council’s current initiatives including Point-to-Point Encryption, Qualified Integrators and Resellers (QIR), and the new Payment Card Industry Professional Program (PCIP). At various times throughout the event council representatives presented on stage and participated in panels which including Leon Fell (Director, Solution Standards), Lauren Hollaway (Director, Data Security Standards), Philip Jones (Standards Manager), Emma Sutcliffe (Standards Manager), Gill Woodcock (Director, Certification Programs), Troy Leach (CTO) and Ralph Spencer Poore (Director, Emerging Standards).

Many will be interested to know that the next version of the PCI Data Security Standard, PCI DSS 3.0 will be released in 2013 as part of the ongoing evolution and improvement of the standards.

A strong showcase of over 50 PCI compliance vendors were present for attendees to visit over the 2 final days of the event including AT&T, Bit9, Catbird ,Centrify, CloudPassage, ComForte 21, ControlScan, Cryptera, CSR, Element Payment Services, First Data, RSA, Fishnet Security, Halock Security Labs, Hytrust, Intel Corporation, IOActive, iScan Online, K3DES, Mako Networks, Mechant Link,

Cardholder Data Discovery Display by Ground Labs at the PCI Council's North America Community Meeting

Things were non-stop at the Ground Labs display stand throughout the 2 day vendor showcase!

nCircle, Panoptic Security, PSC, Rapid7, Reliant Security, SAINT, SecureConnect, Semafone, Solutionary, Specialised Security Services, SSH Communications Security, Sunera, Terra Verde Services, Unified Compliance, Vanguard Integrity Professionals, Verifone, Callguard, Verizon, Voltage Security, ZZ Severs, Veritape, Protegrity, Shift4, Firehost, Vigitrust, ControlCase, Foregenix, Semafone, Security Metrics, Trustwave, SSH, Pixalert, XBridge, XYPro, Cisco,

The Corporate Development Team from Ground Labs - The leaders in cardholder data discovery.

The Ground Labs Corporate Dev Team! – Steve (Global), Mo (EMEA), Russell (US)

Sysnet Global Solutions, Airtight Networks, Accuvant, TSYS, SISA, Proviti and of course Ground Labs with our live interactive display showcasing cardholder data discovery for merchants and QSAs.

For complete event photos please click here

PCI London – July 2012

Yet another successful PCI London

A captivated audience at PCI London

The PCI London audience consisted of over 350 senior stakeholders from some of the UK’s largest companies

event for the Ground Labs EMEA team, held at the Victoria Park Plaza in London as always.

It’s always interesting to speak with the delegates in attendance, many of whom attended previous PCI London events yet continue to face challenges either implementing PCI compliance or maintaining PCI Compliance, often due to

Ground Labs Director - Stephen Cavey

Global Director of Corporate Development for Ground Labs – Stephen Cavey

operational, political or budgetary issues.

This time round we changed track from our mainstream cardholder data discovery presentation and had our global Director of Corporate Development, Stephen Cavey deliver a presentation titled “Show me the proof and i’ll show you the money. Engaging CXO buy-in to

Lucky person win's an iPad 3!

The lucky iPad3 Winner!

your PCI compliance initiatives”. The presentation aimed at delivering exactly what the title suggests – ways to win back those budgets that supported your PCI compliance efforts which for many, are now gone.

We have met many PCI compliance champions who have said one of the biggest challenges in moving forward with compliance initiatives continues to be budget. Not necessarily due to

The EMEA team at Ground Labs

The Ground Labs Team! – Stephen Cavey (Global Director), Jessica Hagley (EMEA Marketing), Mo Zouine (EMEA Director)

economic climate but often due to the previous PCI compliance project failures which missed deadlines and delivered no tangible value that the business could recognise. It was for this reason we decided to build a presentation based on our all of our own learnings through working with many global organisations of all shapes an sizes and having seen both successful and failed PCI compliance projects in action.

Later in the day Stephen went on to deliver some focussed education sessions on implementing and using Enterprise Recon for network wide cardholder data discovery across multi-site environments.

Also in attendence at the event was the familiar and friendly group of PCI compliance vendors including Protegrity, Veritape, LogRhythm, Forgenix, Verizon, Semafone, Sysnet, and IP Payments.

For complete event photos click here

HFTP / HITEC Baltimore – June 2012

After successful events in Europe and the Middle East,

Baltimore Convention Center - Home to HITEC 2012.

HITEC 2012 – held at the Baltimore Convention Centre

Ground Labs participated in the HFTP HITEC 2012 event in Baltimore Maryland in the United States. We were welcomed with warm weather at the Convention Center in downtown Baltimore.

The renowned event is the largest hotel and hospitality technology event in the world was well attended with attendees coming from dozens of countries representing both the financial and technical disciplines. Participants were eager to share their worries and questions on PCI DSS. We can see this is topic of concern in the Hospitality industry. The common discussion was how to find the cardholder data that they knew was in their environments. We often heard that common business practices and the efforts to accommodate guests were often the very causes for cardholder data being stored unprotected.

Camden Yard - Baltimore Orioles vs the Angles

Next door to HITEC was Camden Yard where our team watched the Baltimore Orioles play baseball against the Los Angeles Angels!

The Hospitality industry has had some news worthy breaches in the past year. The potential exposure had most organizations looking for ways to minimize the impact of a breach. The level of interest and the types of questions made it clear that PCI compliance was becoming an important requirement for their operations.

The lucky winner of the Ground Labs iPad 3 for this event was John Kandrovy from Woodloch Pines Inc. Congratulations John!

Special thanks to innRoad for the special invitation to join them in their Suite at Camden Yards to watch the Baltimore Orioles play baseball against the Los Angeles Angels.

We are looking forward to returning to HITEC next year at Minneapolis!