Key Recommendations from the Verizon 2014 PCI Compliance Report

The recently released Verizon 2014 PCI Compliance Report found that payment card breaches often result from a failure to implement compliance and security measures. Based on findings from hundreds of PCI assessments, Verizon's team of PCI Qualified Security Assessors developed a list of recommendations to help organizations achieve and maintain PCI compliance by making it part of everyday business operations. You may download the full report here:


  1. Maintaining PCI compliance: key recommendations from the Verizon 2014 PCI Compliance Report. (Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.)
  2. 88.9%: in 2013, most companies failed their Payment Card Industry Data Security Standard (PCI DSS) baseline assessment.
  3. How can you maintain PCI compliance?
  4. Five steps:
     • Allocate resources
     • Actively maintain compliance
     • Put it in a wider context
     • Leverage it as an opportunity
     • Focus on scoping
  5. Step 1, allocate resources: PCI compliance takes time, money, and executive sponsorship. You can help manage this extra workload by outsourcing security activities or business processes.
  6. Step 2, actively maintain compliance: there are thousands of tasks that an organization needs to do throughout the year to stay compliant. Compliance needs to be embedded in "business as usual".
  7. Step 3, put it in a wider context: putting your PCI compliance strategy within your larger governance, risk and compliance strategy can help minimize control overlap, strengthen security and reduce your workload.
  8. Step 4, leverage it as an opportunity: many organizations measure the TCO of compliance, but not the ROI. Look for ways you can use compliance activities to drive process improvements, consolidate infrastructure, and generate additional equity.
  9. Step 5, focus on scoping: reducing the "scope" of your environment is the only way to keep compliance programs practical. First, store less cardholder data on fewer systems. Then focus on isolating systems to take them out of scope.
  10. The opportunity:
     • Business efficiency: rationalize processes, enhance internal communication and governance.
     • IT efficiency: consolidate and update infrastructure for better performance, business continuity and control of costs.
     • Greater innovation: drive adoption of cloud, end-to-end encryption, and other technologies (and finally free yourself from Windows XP).
  11. Want to learn more? Download the full report.