Getting PCI Compliance Right: Key Findings from the Verizon 2014 PCI Compliance Report

DESCRIPTION

The Verizon 2014 PCI Compliance Report offers unique insights into the state of compliance with the PCI Data Security Standard. Built on casework from actual Verizon PCI assessments, the report affirms that payment card transactions remain a prime target for attackers, and that compliance should be a part of business-as-usual processes and not a one-time, annual event. Want to learn more? Download the full report here: http://vz.to/PCIreport2014

Citation preview

Page 1: Getting PCI Compliance Right: Key Findings from the Verizon 2014 PCI Compliance Report

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.

GETTING PCI COMPLIANCE RIGHT

Key findings from the Verizon 2014 PCI Compliance Report

Page 2: Getting PCI Compliance Right: Key Findings from the Verizon 2014 PCI Compliance Report

Who does payment card data matter to?

Source: Verizon 2014 PCI Compliance Report

Page 3: Getting PCI Compliance Right: Key Findings from the Verizon 2014 PCI Compliance Report

We use them almost everywhere

At kiosks and vending machines
In person
Over the phone
On the Internet

To pay for all sorts of things

Leisure and entertainment
Planes, trains, and gas
Healthcare
Insurance and utility bills

Page 4: Getting PCI Compliance Right: Key Findings from the Verizon 2014 PCI Compliance Report

Payment card fraud continues to increase…

Page 5: Getting PCI Compliance Right: Key Findings from the Verizon 2014 PCI Compliance Report

If your organization accepts card payments, then PCI DSS compliance should matter to you.

Why? Because it can help you avoid data breach risk, and financial and reputational damages.

Figures from Ponemon Institute 2013 Cost of Data Breach report: http://www.ponemon.org/library/2013-cost-of-data-breach-global-analysis

Source: Verizon 2014 PCI Compliance Report

Page 6: Getting PCI Compliance Right: Key Findings from the Verizon 2014 PCI Compliance Report

But in 2013 most companies failed their Payment Card Industry Data Security Standard (PCI DSS) baseline assessment

88.9%

Page 7: Getting PCI Compliance Right: Key Findings from the Verizon 2014 PCI Compliance Report

There is a bright spot… the number of organizations that were mostly compliant* rose

25% in 2012

70% in 2013

* Compliant with 81–99% of requirements

Page 8: Getting PCI Compliance Right: Key Findings from the Verizon 2014 PCI Compliance Report

Compliance varies by requirement

58% had good access management policies (Requirement 7)

24% met vulnerability scanning expectations (Requirement 11)

Page 9: Getting PCI Compliance Right: Key Findings from the Verizon 2014 PCI Compliance Report

Compliance varies by industry

35% of hospitality organizations were mostly compliant*

Twice as many (70%) of retailers were mostly compliant

* Mostly compliant = met 81–99% of controls/subcontrols

Page 10: Getting PCI Compliance Right: Key Findings from the Verizon 2014 PCI Compliance Report

…and it varies by region, too

Asia/Pacific: 75%

North America: 56%

Europe: 31%

Page 11: Getting PCI Compliance Right: Key Findings from the Verizon 2014 PCI Compliance Report

Want to learn more?

Download the full report: verizonenterprise.com/pcireport/2014
