Date post: 21-Jan-2018
Category: Technology
Upload: verizon-enterprise-solutions
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or
distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.
Verizon 2017 Payment Security Report. Finance and Insurance Webinar
Tuesday, September 19th
Proprietary statement
This document and any attached materials are the sole property of Verizon and are not to be used by you other than to evaluate Verizon's service.
© 2017 Verizon. All rights reserved. The Verizon name and logo and all other names, logos and slogans identifying Verizon's products and services are trademarks and service marks or registered trademarks and service marks of Verizon Trademark Services LLC or its affiliates in the United States and/or other countries.
All other trademarks and service marks are the property of their respective owners.
Payment Security Experts
• Rodolphe Simonetti, Global Managing Director, Security Assurance Consulting, Verizon Enterprise Solutions
• Ron Tosto, Global Sr. Manager, Payment Security Practice, Verizon Enterprise Solutions
• Matt Arntsen, Principal Consultant, Payment Security Practice, Verizon Enterprise Solutions
• Ciske Van Oosten, Senior Manager, Payment Security Practice, Verizon Enterprise Solutions
The 2017 Payment Security Report.
• This report provides a thorough investigation of
the challenges of securing customers’ payment
data.
• It examines the state of payment security, and
looks at what needs to improve.
• Based on our PCI assessments, the report
explores compliance with PCI DSS in great
detail, and is an invaluable resource for
security and compliance professionals.
There’s good news: full compliance continued its upward progression.
But still almost half of organizations analyzed failed to maintain compliance.
Compliance for Financial Services
Industry Comparison: Financial Services
Full compliance by region:
Americas 35.0%
Europe 58.3%
Asia Pacific 81.8%
Full compliance by industry:
All 55.4%
Financial Services 59.1% (second best)
Retail 50.0%
Hospitality 42.9%
IT Services 61.3% (best)
DSS Requirement 1: Install and maintain a firewall configuration
Industry: Financial | Retail | Hospitality | IT Services
% controls in place: 96.3% | 86.4% | 96.4% | 97.6%
% controls not in place (control gap): 3.7% | 13.6% | 3.6% | 2.4%
DSS Requirement 2: Do not use vendor-supplied defaults
Industry: Financial | Retail | Hospitality | IT Services
% controls in place: 93.9% | 84.8% | 95.1% | 95.9%
% controls not in place (control gap): 6.1% | 15.2% | 4.9% | 4.1%
DSS Requirement 3: Protect stored cardholder data
Industry: Financial | Retail | Hospitality | IT Services
% controls in place: 92.2% | 78.5% | 91.5% | 96.1%
% controls not in place (control gap): 7.8% | 21.5% | 8.5% | 3.9%
DSS Requirement 4: Protect data in transit
Industry: Financial | Retail | Hospitality | IT Services
% controls in place: 92.6% | 77.0% | 92.2% | 90.3%
% controls not in place (control gap): 7.4% | 23.0% | 7.8% | 9.7%
DSS Requirement 5: Protect against malicious software
Industry: Financial | Retail | Hospitality | IT Services
% controls in place: 97.8% | 90.2% | 99.6% | 98.1%
% controls not in place (control gap): 2.2% | 9.8% | 0.4% | 1.9%
DSS Requirement 6: Develop and maintain secure systems
Industry: Financial | Retail | Hospitality | IT Services
% controls in place: 96.3% | 83.7% | 93.4% | 99.4%
% controls not in place (control gap): 3.7% | 16.3% | 6.6% | 0.6%
DSS Requirement 7: Restrict access
Industry: Financial | Retail | Hospitality | IT Services
% controls in place: 98.9% | 95.8% | 98.7% | 99.7%
% controls not in place (control gap): 1.1% | 4.2% | 1.3% | 0.3%
DSS Requirement 8: Authenticate access
Industry: Financial | Retail | Hospitality | IT Services
% controls in place: 96.6% | 90.4% | 92.6% | 98.8%
% controls not in place (control gap): 3.4% | 9.6% | 7.4% | 1.2%
DSS Requirement 9: Control physical access
Industry: Financial | Retail | Hospitality | IT Services
% controls in place: 98.4% | 86.7% | 93.4% | 97.2%
% controls not in place (control gap): 1.6% | 13.3% | 6.6% | 2.8%
DSS Requirement 10: Track and monitor access to networks and cardholder data
Industry: Financial | Retail | Hospitality | IT Services
% controls in place: 94.7% | 88.3% | 98.0% | 95.8%
% controls not in place (control gap): 5.3% | 11.7% | 2.0% | 4.2%
DSS Requirement 11: Test security systems and processes
Industry: Financial | Retail | Hospitality | IT Services
% controls in place: 89.4% | 83.8% | 93.1% | 94.5%
% controls not in place (control gap): 10.6% | 16.2% | 6.9% | 5.5%
DSS Requirement 12: Maintain an information security policy
Industry: Financial | Retail | Hospitality | IT Services
% controls in place: 95.6% | 88.9% | 92.4% | 97.8%
% controls not in place (control gap): 4.4% | 11.1% | 7.6% | 2.2%
Financial services: control gap
2. Do not use vendor-supplied defaults
What can you do?
• Remove unnecessary services, functionality and user accounts.
• Change the default username and passwords on all your devices.
11. Test security systems/processes
What can you do?
• Use vulnerability scanning, penetration testing, file integrity monitoring and intrusion detection to help identify and address weaknesses.
12. Maintain an information security policy
What can you do?
• Establish, update, and communicate effective security policies and procedures.
• Align these with the results of regular risk assessments to help address any weaknesses.
Bottom 20 Controls: Requirement 2
Each cell: control number, % in place.
Rank | Retail | Hospitality | I.T. Services | Financial
20 | 10.7 79.2% | 12.10 91.0% | 12.10 95.5% | 11.5 93.3%
19 | 6.2 79.3% | 2.5 90.0% | 1.1 95.3% | 2.3 93.2%
18 | 12.6 78.7% | 8.4 90.5% | 3.5 95.1% | 12.2 93.1%
17 | 6.3 79.1% | 9.10 90.5% | 11.3 94.9% | 11.4 92.8%
16 | 9.9 76.0% | 8.8 90.5% | 6.2 94.8% | 2.2 92.7%
15 | 3.5 77.5% | 3.3 88.9% | 2.3 94.7% | 12.6 92.7%
14 | 11.2 76.8% | 8.6 90.5% | 12.6 94.6% | 12.8 92.3%
13 | 12.2 76.5% | 6.7 90.0% | 3.2 94.1% | 6.2 92.2%
12 | 2.3 75.5% | 11.3 88.6% | 11.2 94.0% | 3.2 91.8%
11 | 3.4 76.3% | 12.6 89.7% | 4.3 93.3% | 8.7 91.7%
10 | 10.8 72.7% | 9.6 88.3% | 10.3 93.1% | 3.5 91.1%
9 | 3.1 71.8% | 12.2 88.1% | 11.5 92.9% | 4.1 91.1%
8 | 9.10 70.6% | 4.3 85.7% | 10.2 92.6% | 4.2 91.1%
7 | 12.7 70.6% | 9.2 87.3% | 11.4 91.7% | 3.4 89.6%
6 | 3.6 70.7% | 12.8 85.0% | 10.1 89.7% | 11.2 86.4%
5 | 3.7 70.7% | 3.1 84.4% | 9.5 89.3% | 3.1 89.1%
4 | 9.5 67.9% | 6.3 84.4% | 3.4 88.1% | 6.6 88.2%
3 | 4.1 66.7% | 12.9 88.9% | 4.1 87.3% | 12.9 87.3%
2 | 4.2 66.7% | 9.9 80.4% | 4.2 87.3% | 9.9 85.9%
1 | 6.6 60.0% | 6.6 75.0% | 9.9 N/A | 11.3 84.2%
It is mainly Control 2.3 - Encrypt non-console administrative access that organizations struggle with.
Over 90% of Financial Services organizations had their Requirement 2 controls in place during interim validation.
In comparison, only 75.5% of retail organizations had Control 2.3 in place during interim validation.
Bottom 20 Controls: Requirement 11
Requirement 11 is still a problem in the Financial Services and I.T. Services industries.
Control 11.3 (Implement penetration testing) is the worst-performing control in Financial Services (84.2%).
It also scored very low in the Hospitality industry (88.6%).
Control 11.2 scored very low in the Retail industry (only 76.8%).
Bottom 20 Controls: Requirement 12
Requirement 12 remains problematic across most industries.
Financial Services struggle with Control 12.9 – service providers – which is in the bottom 3 worst performing controls.
PCI DSS Compliance by Industry: 2016
Ranked top to bottom per DSS key requirement
Vertical Industry Top 20 In Place Controls 2016
Each cell: control number, % in place.
Rank | Retail | Hospitality | I.T. Services | Financial
1 | 2.6 100.0% | 1.3 100.0% | 1.3 100.0% | 2.6 100.0%
2 | 12.9 100.0% | 5.1 100.0% | 1.5 100.0% | 5.4 100.0%
3 | 12.5 100.0% | 5.2 100.0% | 2.5 100.0% | 1.5 100.0%
4 | 9.3 98.0% | 5.3 100.0% | 2.6 100.0% | 9.4 99.8%
5 | 5.3 97.9% | 8.7 100.0% | 5.3 100.0% | 9.1 99.7%
6 | 7.1 97.9% | 12.1 100.0% | 5.4 100.0% | 12.5 99.5%
7 | 10.5 95.7% | 10.2 100.0% | 6.1 100.0% | 8.4 99.5%
8 | 11.5 95.7% | 7.2 100.0% | 6.4 100.0% | 9.3 99.5%
9 | 5.1 95.5% | 10.3 100.0% | 6.6 100.0% | 7.2 99.2%
10 | 4.3 95.0% | 11.4 100.0% | 6.7 100.0% | 9.6 98.8%
11 | 1.5 94.1% | 2.6 100.0% | 7.2 100.0% | 7.1 98.7%
12 | 12.4 94.1% | 10.5 99.2% | 7.3 100.0% | 8.5 98.7%
13 | 6.1 94.1% | 2.1 98.7% | 8.3 100.0% | 8.8 98.5%
14 | 9.4 93.8% | 7.1 98.4% | 8.4 100.0% | 2.4 98.5%
15 | 8.4 93.8% | 9.8 97.8% | 8.5 100.0% | 12.3 98.5%
16 | 8.8 93.8% | 9.1 97.6% | 8.6 100.0% | 7.3 98.4%
17 | 7.2 93.5% | 10.6 96.6% | 8.7 100.0% | 9.10 98.4%
18 | 10.3 92.4% | 1.2 96.0% | 8.8 100.0% | 8.3 98.1%
19 | 12.1 91.7% | 2.2 95.8% | 9.6 100.0% | 9.2 97.9%
20 | 8.2 91.5% | 6.4 95.9% | 9.7 100.0% | 5.1 97.8%
Top 20 most compliant
I.T. Services had significantly more controls that achieved 100% compared to other industries.
The lifecycle of PCI DSS controls
Keep your options open.
Think of how your controls will adapt to changes in the business and/or IT environment. Resilience is key.
Make everyone aware of what they need to do.
Assign roles, define responsibilities and verify that everyone understands what’s expected of them.
Keep the ultimate goal in mind.
The point of payment security is to safeguard customer data, not just pass an assessment.
Read Verizon’s 2017 Payment Security Report to get the full picture: VerizonEnterprise.com/PaymentSecurity
Verizon Insights Podcast on iTunes: Payment security and PCI compliance: What does it mean and how does it help to keep you and your customers safe? Featuring: Mauro Lance, COO – PCI Security Standards Council and Troy Leach, CTO – PCI Security Standards Council
Contact us:
Thank you. Q&A.