Workshop - Protecting Consumer Data: Securing Payment and Transaction Information

Monday, March 21, 2016

Cybersecurity incidents affecting consumer-facing businesses threaten the financial security of companies and the public, weakening consumer confidence, eroding individual privacy protections, and damaging the brand value and reputation of businesses.

Join the National Cybersecurity Center of Excellence (NCCoE) for a public workshop to help consumer-facing businesses improve the security around their payment ecosystem and better protect consumer information. Dive into technical issues, architectures, standards, and best practices surrounding multifactor authentication of online transactions and secure handling of sensitive, non-credit card consumer data with some of the brightest minds in this area.

Ultimately, your participation and expertise will result in a challenge statement that will form a new applied cybersecurity project at the NCCoE and lead to a NIST Cybersecurity Guide (Special Publication 1800 series).

Registration for this event is now closed. Find out more about walk-in registrations.  

For those who have registered, you should have received a confirmation email with details on logistics, including Wi-Fi and parking. You may also view that information online.


Date: March 22, 2016
Location: University of Alabama, Birmingham, 1400 University Boulevard, Hill Student Center, 3rd floor Ballroom, Birmingham, AL 35233


Please note: all times below are in Central Time.

8:30 a.m. – 9:00 a.m. - Coffee & Registration

9:00 a.m. – 9:15 a.m. - Welcome: Dean Palazzo, University of Alabama at Birmingham

9:15 a.m. – 9:45 a.m. - NCCoE Opening Remarks: Nate Lesser, Deputy Director, NCCoE

9:45 a.m. - 10:15 a.m. - Keynote Session: Brian Engle, Executive Director, R-CISC

10:15 a.m. – 11:30 a.m. - Panel Discussion: Combating Online Fraud – Multifactor Authentication for e-Commerce Transactions

Moderator: Mike Garcia, Deputy Director, NSTIC


  • Charles Bretz, Director of Payment Risk, Financial Services Information Sharing and Analysis Center (FS-ISAC)
  • Scott Frost, Chief Information Security Officer, Belk
  • Dr. Robert Martin, Vice President, Security Solutions, North America/Ingenico Group
  • Andrew Whelchel, Senior Technology Consultant, Fraud and Risk Intelligence, RSA  

11:30 a.m. – 11:45 a.m. - Break

11:45 a.m. – 1:00 p.m. - Panel Discussion: Safeguarding the Customer Profile – Secure Handling of Sensitive, Non-Credit Card Consumer Data

Moderator: Brian Abe, Project Lead, NCCoE/MITRE


  • Gerald Beuchelt, Chief Security Officer, Demandware
  • George Rice, Senior Director of Payments, HPE Security – Data Security
  • Jake Marcinko, Standards Manager, PCI Security Standards Council
  • Justin Simpson, Senior Manager, IT Risk & Security Governance Team, Walmart

1:00 p.m. – 2:00 p.m. - Lunch

2:00 p.m. – 3:15 p.m. - Technical Breakout Sessions

3:15 p.m. – 3:45 p.m. - Breakout Session Summaries/Prioritization of Topics

3:45 p.m. – 4:00 p.m. - Closing Remarks         


DoubleTree (next to the campus)
808 South 20th Street, Birmingham, Alabama, 35205

Residence Inn (next to campus)
821 20th St S, Birmingham, AL 35205

These listings are for information purposes only; they do not serve as an endorsement. There are other hotels very close to the UAB-Birmingham campus, including a Courtyard Marriott, Springhill Suites, etc.


As a result of conversations with consumer-facing businesses and associations, the NCCoE is proposing two technical projects to demonstrate the business value of more secure payment technologies/processes and more secure handling of consumer information. The NCCoE has worked closely with industry to prioritize their cybersecurity challenges as they relate to these areas. This highly interactive workshop will help finalize the challenge statements and begin to develop potential architectures for these projects, resulting in an initial white paper containing a detailed project description. Ultimately, the NCCoE will develop an example solution and publish that information in a NIST Cybersecurity Practice Guide, which provides detailed information on how to implement the solution.

Who Should Attend and Why

Executives at consumer-facing organizations should attend to share information on business drivers and constraints that would be relevant to any example solution.

Technical experts at consumer-facing organizations and payment ecosystem vendors – hardware, software, processors, financial institutions, etc. – should attend to provide critical technical information.

The consumer-facing/retail sector makes up the backbone of the American economy. This workshop will hone in on a technical cybersecurity challenge facing this sector and lay the groundwork for developing an example solution. Be part of the conversation to develop a challenge statement that incorporates your insight and expertise.


This event is graciously sponsored by

 HPE logo