PSR Introduction

  • About this report:

    Most security and compliance programs can do a lot better. Are you currently attaining your security and compliance goal? Do you know where to focus your efforts? What is keeping your strategy and program from progressing? What is keeping your control system from reaching its full potential? What exactly are the constraining factors? Everyone on your team has an opinion, but which is right? You can find the answers to these and more PCI security questions in this report, which distills a range of security and compliance subjects into valuable insights. We study various tools, tactics and methods applied by numerous organizations and explore why some companies accomplish more than others in their efforts to achieve sustainable and effective data security. We also distinguish between the approaches that separate busy security teams from productive ones and analyze the different ways decisions are made and how that can impact which strategies are formed and goals embraced.

    —Ciske van Oosten, Head of Global Business Intelligence, Verizon Security Assurance Division

  • Reader feedback:

    Verizon’s 2020 Payment Security Report—Focusing on strategy.

    “While PCI DSS forms the foundation of these reports and informs their content, the guidance is broadly applicable, and they could easily be rebranded as ‘data security’ reports. I hope everyone responsible for data security takes the opportunity to not only read this year’s report but to also download the reports from prior years. Each report builds on the previous foundations, and the 2020 report provides an overall success strategy for CISOs and information security leaders.… The Verizon Payment Security Report remains one of the most valuable assets for developing and improving a data security environment. Whether providing key concepts such as the nine factors of control effectiveness, the five constraints, or this year’s focus on strategy, the report is essential reading for security leaders. The 2020 report reads like a short textbook for a master’s level college course for CISOs, and it is full of guidance for developing and improving security leadership.”

    —Anthony Israel-Davis, Tripwire

    “This report is a welcome wake-up call to organizations that strong leadership is required to address failures to adequately manage payment security. The Verizon Business report aligns well with Omdia’s view that the alignment of security strategy with organizational strategy is essential for organizations to maintain compliance, in this case with PCI DSS v3.2.1 to provide appropriate levels of payment security. It makes clear that long-term data security and compliance combines the responsibilities of a number of roles, including the Chief Information Security Officer, the Chief Risk Officer, and Chief Compliance Officer, which Omdia concurs with.”
    Maxine Holt, Senior Research Director, and Brian Curl, OMDIA (previously known as Ovum)

  • Verizon Payment Security Report history

    2010: Complexity and uncertainty

    An exploration of the complexity of PCI security, the growing pains of PCI compliance and the need to evolve toward a process-driven approach for compliance.

    2011: Dealing with evolution

    A review of the changing compliance requirements, with insights into the importance of sound decision-making and how organizations can position themselves for success.

    2014: Simplifying complexity

    A review of the value of compliance, the impact of PCI DSS changes, the need for sustainability and how to improve scope reduction and compliance program management.

    2015: Achieving sustainability

    A focused look at improving the sustainability of compliance, and a review of the state of scope reduction and payment security.

    2016: Developing proficiency

    Developing data security proficiency, skills and experience, and applying a structured approach to compliance management.

    2017: Establishing internal control

    The importance of establishing and maintaining an internal control environment and a holistic approach, including security control life-cycle management.

    2018: Sustainable control effectiveness

    Introduction of five practical models to achieve sustainable control effectiveness across your control environment, including the 9 Factors of Control Effectiveness and Sustainability, and the 7 Constraints of Organizational Proficiency.

    2019: Evaluating program performance

    Achieving high-performance security programs with sustainable and effective controls in a predictable manner, and addressing constraints that prevent continuous improvement of process and capability maturity.

    2020: The underlying reasons for low control effectiveness and sustainability

    The value of a strategic approach to security compliance management, and how avoiding the Top 7 Strategic Data Security Management Traps contributes to reduced complexity and helps CISOs and their teams be more productive and successful.

    2022: A logical process for meeting PCI DSS v4.0 goals and requirements

    How to navigate the changing requirements introduced by PCI DSS v4.0, with clear goals, a logical process and innovative models that eliminate core conflicts and constraints.