Insights from Verizon’s 2021 Payment Security Report
Data Security Must Adapt to the Shifting Landscape
Given the continuation of remote work for many and with spending rising for online retailers (by 4% in October, according to the Commerce Department) it’s clear that many of the changes caused by the pandemic aren’t going anywhere. In a similar vein, companies and individuals remain just as vulnerable to cyber-attacks and the damage is significant with the average amount of reported ransomware transactions per month in 2021 costing $102.3 million. With this in mind, Verizon released its 2021 Payment Security Report Insights. This report analyzes the latest update to the flagship Payment Card Industry Data Security Standard (PCI DSS) and gives guidance to businesses, helping them ensure that data security controls remain relevant and effective.
Verizon’s report highlights approaches such as addressing ongoing changes in the threat landscape, creating flexibility and support of additional methodologies to achieve security and promoting security and compliance as an ongoing process. Below, we dive deeper into the key takeaways from the report:
- Companies need goals for the long-term, not for the time being: Companies are figuring out how to achieve sustainable payment card data security while keeping it effective. The best solution is to think about the long-term. The most successful goals are ones that are rooted by a strategy and design that has been thoroughly thought out to work year-round, rather than one led by trial and error for the sake of passing an annual security assessment.
- Set clear goals and ensure the right people are involved in making them. Goals should be clear and have a keen strategic defence plan, developed by CISOs and security managers who are first in line to ensure execution. They should understand what their business’s specific needs and problem-solving solutions are before drafting goals and work with project managers in ensuring these solutions are up to par. It takes a full team to guarantee goals are aligned and being executed to the fullest extent.
- Find the best security fit for your company. No approach is better than the next, but the challenge is for companies to identify the solution that fits their needs best. The defined approach to PCI compliance simply means that companies follow the current (traditional) requirements and testing procedures as written in the PCI DSS. This approach is one that all businesses can continue to benefit from due to its more prescriptive direction on how to meet objectives.
- Be open to change, and know how to implement it. Some companies are ready for change and need to enhance their old methods in order to keep up with the speed of today. The new PCI DSS v4.0 customized implementation is best for businesses with mature control environments, as it focuses on an outcome-based approach which is more intuitive than a typical must-implement-based approach. As unique as this approach is, not every company is ready for these fast-paced developments, but the ones up for the challenge will have security controls that deliver results like never before.
As we head into 2022, companies can’t get too comfortable with their security practices and continue to procrastinate reviewing their protocols. If you’re looking for solutions to secure your customer service channels during this period of remote work, PCI Pal can help. Our payment solutions will ensure your customers’ sensitive information is kept secure whether at home or in the office. Contact us today to learn more.