Retail & Hospitality Services PCI Compliance: How compliant is your payment security?

Post on 21-Jan-2018


Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or

distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.

Verizon 2017 Payment Security Report: Retail and Hospitality Webinar

Wednesday, September 20th


This document and any attached materials are the sole property of Verizon and are not to be used by you other than to evaluate Verizon's service.

© 2017 Verizon. All rights reserved. The Verizon name and logo and all other names, logos and slogans identifying Verizon's products and services are trademarks and service marks or registered trademarks and service marks of Verizon Trademark Services LLC or its affiliates in the United States and/or other countries.

All other trademarks and service marks are the property of their respective owners.


Proprietary statement


Please advance to the next slide where you can watch the video. The total slide deck is available for your reference after the video. Thank you.


Payment Security Experts

• Franklin Tallah, Sr. Manager, Payment Security Practice, Verizon Enterprise Solutions

• Mark Stachowicz, Principal Consultant, Payment Security Practice, Verizon Enterprise Solutions

• Ciske Van Oosten, Senior Manager, Payment Security Practice, Verizon Enterprise Solutions

• Ron Tosto, Global Sr. Manager, Payment Security Practice, Verizon Enterprise Solutions


The 2017 Payment Security Report.

• This report provides a thorough investigation of the challenges of securing customers’ payment data.

• It examines the state of payment security, and looks at what needs to improve.

• Based on our PCI assessments, the report explores compliance with PCI DSS in great detail, and is an invaluable resource for security and compliance professionals.


There’s good news: full compliance continued its upward progression.

But still almost half of organizations analyzed failed to maintain compliance.


Payments Acceptance Landscape


Hospitality


Retail


Compliance Statistics - Analysis & Insight


Industry Comparison

Full Compliance:

Industry              Full compliance
All                   55.4%
Financial Services    59.1%
Retail                50.0%
Hospitality           42.9% (worst)
IT Services           61.3% (best)

[Charts: Full Compliance: Hospitality; Full Compliance: Retail]


DSS Requirement 3: Protect stored cardholder data

Req 3                                   Financial   Retail   Hospitality   IT Services
% controls not in place (control gap)   7.8%        21.5%    8.5%          3.9%
% controls in place                     92.2%       78.5%    91.5%         96.1%


DSS Requirement 4: Protect data in transit

Req 4                                   Financial   Retail   Hospitality   IT Services
% controls not in place (control gap)   7.4%        23.0%    7.8%          9.7%
% controls in place                     92.6%       77.0%    92.2%         90.3%


DSS Requirement 5: Protect against malicious software

Req 5                                   Financial   Retail   Hospitality   IT Services
% controls not in place (control gap)   2.2%        9.8%     0.4%          1.9%
% controls in place                     97.8%       90.2%    99.6%         98.1%


DSS Requirement 7: Restrict access

Req 7                                   Financial   Retail   Hospitality   IT Services
% controls not in place (control gap)   1.1%        4.2%     1.3%          0.3%
% controls in place                     98.9%       95.8%    98.7%         99.7%


Sustaining Payment Card Security


The lifecycle of PCI DSS controls


Keep the ultimate goal in mind.

The point of payment security is to safeguard customer data, not just pass an assessment.


Make everyone aware of what they need to do.

Assign roles, define responsibilities and verify that everyone understands what’s expected of them.


Thank you. Q&A.


Read Verizon’s 2017 Payment Security Report to get the full picture: VerizonEnterprise.com/PaymentSecurity

Verizon Insights Podcast on iTunes

Payment security and PCI compliance: What does it mean and how does it help to keep you and your customers safe? Featuring: Mauro Lance, COO – PCI Security Standards Council and Troy Leach, CTO – PCI Security Standards Council

Contact us:

Paymentsecurity@Verizon.com


Thank you.