20 years navigating the world of data protection
Twenty years ago, in 1999, the major card brands initiated their cardholder data protection programs, and in 2004 the programs were combined into a single data security standard. The PCI DSS celebrates its 15th birthday this year (v1.0 was released in 2004). An effective and sustainable control environment is as relevant as ever, yet for many organizations it remains a challenge.
Going through a check-box routine or merely throwing money into data protection does not solve organizations’ compliance challenges. Often, these tactics lead to a false sense of security. Too many organizations are stuck in a reactive “wash, rinse, repeat” pattern, focusing only on meeting baseline compliance requirements.
To keep up with threats, data protection compliance programs (DPCPs) must continue to evolve and mature. Organizations must develop visibility, control and predictability in compliance performance. They must become proactive instead of reactive.
What the industry seems to need most is guidance on how to develop DPCPs and how to measure their effectiveness and maturity. That is what this edition of the Payment Security Report is about.
Verizon’s cumulative experience gained from 25 years of measuring, analyzing and building mature, effective compliance and security programs has helped us position the 2019 PSR as the ideal navigational guide—not only for charting one’s course through uncertain and changing waters, but for staying ahead in the race. This year, we build on the insights and recommendations from past years to introduce the practical, integrative Verizon 9-5-4 Compliance Program Performance Evaluation Framework as a navigational tool to improve DPCPs.