
Webinar - Finance Services PCI Compliance: How compliant is your payment security?

Ever wonder how you stack up on PCI compliance? Hear from the payment security experts behind our latest report and get the insight you need to manage risk and improve payment security. Discover the challenges organizations like yours face and how to improve your security controls.
To learn more about PCI compliance and the Verizon 2017 PCI report, visit
http://www.verizonenterprise.com/verizon-insights-lab/payment-security/2017/


  1. Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. Verizon 2017 Payment Security Report. Finance and Insurance Webinar, Tuesday, September 19th
  2. Proprietary statement. This document and any attached materials are the sole property of Verizon and are not to be used by you other than to evaluate Verizon's service. © 2017 Verizon. All rights reserved. The Verizon name and logo and all other names, logos and slogans identifying Verizon's products and services are trademarks and service marks or registered trademarks and service marks of Verizon Trademark Services LLC or its affiliates in the United States and/or other countries. All other trademarks and service marks are the property of their respective owners.
  3. Please advance to the next slide where you can watch the video. The total slide deck is available for your reference after the video. Thank you.
  4. Payment Security Experts
     • Rodolphe Simonetti, Global Managing Director, Security Assurance Consulting, Verizon Enterprise Solutions
     • Ron Tosto, Global Sr. Manager, Payment Security Practice, Verizon Enterprise Solutions
     • Matt Arntsen, Principal Consultant, Payment Security Practice, Verizon Enterprise Solutions
     • Ciske Van Oosten, Senior Manager, Payment Security Practice, Verizon Enterprise Solutions
  5. The 2017 Payment Security Report.
     • This report provides a thorough investigation of the challenges of securing customers’ payment data.
     • It examines the state of payment security, and looks at what needs to improve.
     • Based on our PCI assessments, the report explores compliance with PCI DSS in great detail, and is an invaluable resource for security and compliance professionals.
  6. There’s good news: full compliance continued its upward progression. But still almost half of organizations analyzed failed to maintain compliance.
  7. Compliance for Financial Services
  8. Industry Comparison: Financial Services
     • Full compliance by region: Americas 35.0%; Europe 58.3%; Asia Pacific 81.8%.
     • Full compliance by industry: All 55.4%; Financial Services 59.1% (second best); Retail 50.0%; Hospitality 42.9%; IT Services 61.3% (best).
  9. DSS Requirement 1: Install and maintain a firewall configuration. Controls in place: Financial 96.3%, Retail 86.4%, Hospitality 96.4%, IT Services 97.6%. Controls not in place (control gap): Financial 3.7%, Retail 13.6%, Hospitality 3.6%, IT Services 2.4%.
  10. DSS Requirement 2: Do not use vendor-supplied defaults. Controls in place: Financial 93.9%, Retail 84.8%, Hospitality 95.1%, IT Services 95.9%. Controls not in place (control gap): Financial 6.1%, Retail 15.2%, Hospitality 4.9%, IT Services 4.1%.
  11. DSS Requirement 3: Protect stored cardholder data. Controls in place: Financial 92.2%, Retail 78.5%, Hospitality 91.5%, IT Services 96.1%. Controls not in place (control gap): Financial 7.8%, Retail 21.5%, Hospitality 8.5%, IT Services 3.9%.
  12. DSS Requirement 4: Protect data in transit. Controls in place: Financial 92.6%, Retail 77.0%, Hospitality 92.2%, IT Services 90.3%. Controls not in place (control gap): Financial 7.4%, Retail 23.0%, Hospitality 7.8%, IT Services 9.7%.
  13. DSS Requirement 5: Protect against malicious software. Controls in place: Financial 97.8%, Retail 90.2%, Hospitality 99.6%, IT Services 98.1%. Controls not in place (control gap): Financial 2.2%, Retail 9.8%, Hospitality 0.4%, IT Services 1.9%.
  14. DSS Requirement 6: Develop and maintain secure systems. Controls in place: Financial 96.3%, Retail 83.7%, Hospitality 93.4%, IT Services 99.4%. Controls not in place (control gap): Financial 3.7%, Retail 16.3%, Hospitality 6.6%, IT Services 0.6%.
  15. DSS Requirement 7: Restrict access. Controls in place: Financial 98.9%, Retail 95.8%, Hospitality 98.7%, IT Services 99.7%. Controls not in place (control gap): Financial 1.1%, Retail 4.2%, Hospitality 1.3%, IT Services 0.3%.
  16. DSS Requirement 8: Authenticate access. Controls in place: Financial 96.6%, Retail 90.4%, Hospitality 92.6%, IT Services 98.8%. Controls not in place (control gap): Financial 3.4%, Retail 9.6%, Hospitality 7.4%, IT Services 1.2%.
  17. DSS Requirement 9: Control physical access. Controls in place: Financial 98.4%, Retail 86.7%, Hospitality 93.4%, IT Services 97.2%. Controls not in place (control gap): Financial 1.6%, Retail 13.3%, Hospitality 6.6%, IT Services 2.8%.
  18. DSS Requirement 10: Track and monitor access to networks and cardholder data. Controls in place: Financial 94.7%, Retail 88.3%, Hospitality 98.0%, IT Services 95.8%. Controls not in place (control gap): Financial 5.3%, Retail 11.7%, Hospitality 2.0%, IT Services 4.2%.
  19. DSS Requirement 11: Test security systems and processes. Controls in place: Financial 89.4%, Retail 83.8%, Hospitality 93.1%, IT Services 94.5%. Controls not in place (control gap): Financial 10.6%, Retail 16.2%, Hospitality 6.9%, IT Services 5.5%.
  20. DSS Requirement 12: Maintain an information security policy. Controls in place: Financial 95.6%, Retail 88.9%, Hospitality 92.4%, IT Services 97.8%. Controls not in place (control gap): Financial 4.4%, Retail 11.1%, Hospitality 7.6%, IT Services 2.2%.
  21. Financial services: control gap
     • 2. Do not use vendor-supplied defaults. What can you do?
       • Remove unnecessary services, functionality and user accounts.
       • Change the default usernames and passwords on all your devices.
     • 11. Test security systems/processes. What can you do?
       • Use vulnerability scanning, penetration testing, file integrity monitoring and intrusion detection to help identify and address weaknesses.
     • 12. Maintain an information security policy. What can you do?
       • Establish, update, and communicate effective security policies and procedures.
       • Align these with the results of regular risk assessments to help address any weaknesses.
  22. Bottom 20 Controls: Requirement 2

     | Rank | Retail | Hospitality | I.T. Services | Financial |
     |------|--------|-------------|---------------|-----------|
     | 20 | 10.7 (79.2%) | 12.10 (91.0%) | 12.10 (95.5%) | 11.5 (93.3%) |
     | 19 | 6.2 (79.3%) | 2.5 (90.0%) | 1.1 (95.3%) | 2.3 (93.2%) |
     | 18 | 12.6 (78.7%) | 8.4 (90.5%) | 3.5 (95.1%) | 12.2 (93.1%) |
     | 17 | 6.3 (79.1%) | 9.10 (90.5%) | 11.3 (94.9%) | 11.4 (92.8%) |
     | 16 | 9.9 (76.0%) | 8.8 (90.5%) | 6.2 (94.8%) | 2.2 (92.7%) |
     | 15 | 3.5 (77.5%) | 3.3 (88.9%) | 2.3 (94.7%) | 12.6 (92.7%) |
     | 14 | 11.2 (76.8%) | 8.6 (90.5%) | 12.6 (94.6%) | 12.8 (92.3%) |
     | 13 | 12.2 (76.5%) | 6.7 (90.0%) | 3.2 (94.1%) | 6.2 (92.2%) |
     | 12 | 2.3 (75.5%) | 11.3 (88.6%) | 11.2 (94.0%) | 3.2 (91.8%) |
     | 11 | 3.4 (76.3%) | 12.6 (89.7%) | 4.3 (93.3%) | 8.7 (91.7%) |
     | 10 | 10.8 (72.7%) | 9.6 (88.3%) | 10.3 (93.1%) | 3.5 (91.1%) |
     | 9 | 3.1 (71.8%) | 12.2 (88.1%) | 11.5 (92.9%) | 4.1 (91.1%) |
     | 8 | 9.10 (70.6%) | 4.3 (85.7%) | 10.2 (92.6%) | 4.2 (91.1%) |
     | 7 | 12.7 (70.6%) | 9.2 (87.3%) | 11.4 (91.7%) | 3.4 (89.6%) |
     | 6 | 3.6 (70.7%) | 12.8 (85.0%) | 10.1 (89.7%) | 11.2 (86.4%) |
     | 5 | 3.7 (70.7%) | 3.1 (84.4%) | 9.5 (89.3%) | 3.1 (89.1%) |
     | 4 | 9.5 (67.9%) | 6.3 (84.4%) | 3.4 (88.1%) | 6.6 (88.2%) |
     | 3 | 4.1 (66.7%) | 12.9 (88.9%) | 4.1 (87.3%) | 12.9 (87.3%) |
     | 2 | 4.2 (66.7%) | 9.9 (80.4%) | 4.2 (87.3%) | 9.9 (85.9%) |
     | 1 | 6.6 (60.0%) | 6.6 (75.0%) | 9.9 (N/A) | 11.3 (84.2%) |

     It is mainly Control 2.3 - Encrypt non-console administrative access that organizations struggle with. Over 90% of Financial Services organizations had their Requirement 2 controls in place during interim validation. In comparison, only 75.5% of retail organizations had Control 2.3 in place during interim validation.
  23. Bottom 20 Controls: Requirement 11 (the slide repeats the Bottom 20 Controls table from slide 22). Requirement 11 is still a problem in the Financial Services and I.T. Services industries. Control 11.3, Implement penetration testing, is the worst performing control in Financial Services (84.2%). It also scored very low in the Hospitality industry (88.6%). Control 11.2 scored very low in the Retail industry (only 76.8%).
  24. Bottom 20 Controls: Requirement 12 (the slide repeats the Bottom 20 Controls table from slide 22). Requirement 12 remains problematic across most industries. Financial Services struggle with Control 12.9 – service providers – which is in the bottom 3 worst performing controls.
  25. PCI DSS Compliance by Industry: 2016. Ranked top to bottom per DSS key requirement.
  26. Vertical Industry Top 20 In Place Controls 2016 (Top 20 most compliant)

     | Rank | Retail | Hospitality | I.T. Services | Financial |
     |------|--------|-------------|---------------|-----------|
     | 1 | 2.6 (100.0%) | 1.3 (100.0%) | 1.3 (100.0%) | 2.6 (100.0%) |
     | 2 | 12.9 (100.0%) | 5.1 (100.0%) | 1.5 (100.0%) | 5.4 (100.0%) |
     | 3 | 12.5 (100.0%) | 5.2 (100.0%) | 2.5 (100.0%) | 1.5 (100.0%) |
     | 4 | 9.3 (98.0%) | 5.3 (100.0%) | 2.6 (100.0%) | 9.4 (99.8%) |
     | 5 | 5.3 (97.9%) | 8.7 (100.0%) | 5.3 (100.0%) | 9.1 (99.7%) |
     | 6 | 7.1 (97.9%) | 12.1 (100.0%) | 5.4 (100.0%) | 12.5 (99.5%) |
     | 7 | 10.5 (95.7%) | 10.2 (100.0%) | 6.1 (100.0%) | 8.4 (99.5%) |
     | 8 | 11.5 (95.7%) | 7.2 (100.0%) | 6.4 (100.0%) | 9.3 (99.5%) |
     | 9 | 5.1 (95.5%) | 10.3 (100.0%) | 6.6 (100.0%) | 7.2 (99.2%) |
     | 10 | 4.3 (95.0%) | 11.4 (100.0%) | 6.7 (100.0%) | 9.6 (98.8%) |
     | 11 | 1.5 (94.1%) | 2.6 (100.0%) | 7.2 (100.0%) | 7.1 (98.7%) |
     | 12 | 12.4 (94.1%) | 10.5 (99.2%) | 7.3 (100.0%) | 8.5 (98.7%) |
     | 13 | 6.1 (94.1%) | 2.1 (98.7%) | 8.3 (100.0%) | 8.8 (98.5%) |
     | 14 | 9.4 (93.8%) | 7.1 (98.4%) | 8.4 (100.0%) | 2.4 (98.5%) |
     | 15 | 8.4 (93.8%) | 9.8 (97.8%) | 8.5 (100.0%) | 12.3 (98.5%) |
     | 16 | 8.8 (93.8%) | 9.1 (97.6%) | 8.6 (100.0%) | 7.3 (98.4%) |
     | 17 | 7.2 (93.5%) | 10.6 (96.6%) | 8.7 (100.0%) | 9.10 (98.4%) |
     | 18 | 10.3 (92.4%) | 1.2 (96.0%) | 8.8 (100.0%) | 8.3 (98.1%) |
     | 19 | 12.1 (91.7%) | 2.2 (95.8%) | 9.6 (100.0%) | 9.2 (97.9%) |
     | 20 | 8.2 (91.5%) | 6.4 (95.9%) | 9.7 (100.0%) | 5.1 (97.8%) |

     I.T. Services had significantly more controls that achieved 100% compared to other industries.
  27. The lifecycle of PCI DSS controls
  28. Keep your options open. Think of how your controls will adapt to changes in the business and/or IT environment. Resilience is key.
  29. Make everyone aware of what they need to do. Assign roles, define responsibilities and verify that everyone understands what’s expected of them.
  30. Keep the ultimate goal in mind. The point of payment security is to safeguard customer data, not just pass an assessment.
  31. Read Verizon’s 2017 Payment Security Report to get the full picture: VerizonEnterprise.com/PaymentSecurity. Verizon Insights Podcast on iTunes: Payment security and PCI compliance: What does it mean and how does it help to keep you and your customers safe? Featuring: Mauro Lance, COO – PCI Security Standards Council and Troy Leach, CTO – PCI Security Standards Council. Contact us: Paymentsecurity@Verizon.com
  32. Thank you. Q&A.
