Customers trust you with their data, and a breach could permanently damage your reputation.
As more people around the globe begin to work from home and practice social distancing to combat the spread of COVID-19, businesses must prepare to handle a higher percentage of online transactions. With this rise in frequency of digital payments comes the increased threat of data breaches and digital fraud. With Verizon’s 2019 Payment Security Report indicating that payment security compliance had declined for the second year in a row, and the Americas lagging behind worldwide counterparts, now, more than ever, organizations must develop and maintain visibility, control and predictability in compliance performance that powers proactive — rather than reactive — data protection.
Your organization is ready when you:
Implement a plan to respond immediately to a cardholder data security incident, defining procedures for reporting incidents, responding to alerts and effectively managing the process.
Establish incident response (IR) procedures for security monitoring and responding to alerts, including rogue wireless monitoring, security event logs, intrusion detection and change detection solutions.
Communicate the plan and response procedures, ensuring personnel know of and are trained in the IR plan and procedures, and maintain a 24/7 capability to respond to cybersecurity alerts.
Conduct appropriate due diligence for third parties, including evaluation of IR capabilities and notification requirements for all security incidents.
Take the Verizon Payment Card Industry Data Security Standard (PCI DSS) assessment to get to the root of your security strategy, with the goal of not only addressing compliance requirements, but also improving your risk profile.
Your employees are ready when you:
Inform employees of proper response procedures for reporting incidents and responding to alerts, and complete proper training for every contingency.
Require multi-factor authentication for employees with remote access to servers.
Encourage employees to use their business devices for business use, and ensure that all virus scanning software, security patches and encryption services are working and up to date.
Additional help:
Verizon’s 2020 Payment Security Report
Payment Card Industry Compliance (PCI)
PCI DSS Assessment
18%: Percentage of organizations with no defined data protection compliance program (DPCP).
20%: Percentage of organizations that rate their DPCP maturity as “advanced.”
0%: Percentage of organizations that rate their program maturity as “optimized.”
Source: Verizon 2019 Payment Security Report