Frederic Jesupret is a PCI Compliance Manager with over 20 years of experience in Information Security, Cybersecurity, Data Protection, Compliance and Digital Transformation. In his current role, he works on ensuring that all processes related to handling credit card information by Allianz Partners are compliant with the PCI DSS standard.
PCI DSS stands for Payment Card Industry Data Security Standard. It is a common set of industry tools and measurements to ensure the safe handling of sensitive information, established by the credit card industry in response to an increase in identity theft and credit card fraud. Every company that handles credit card data is responsible for safeguarding that information, and can be held liable for security compromises.
Allianz Partners is a world leader in B2B2C insurance and assistance, specializing in the areas of international health & life, automotive, assistance and travel insurance. Operating in over 78 countries, Allianz Partners offers global solutions that are redefining help, going beyond traditional insurance to help and protect customers wherever they are and whenever they need it. Their innovative experts deliver future-ready, high-tech, high-touch products and services through four commercial brands: Allianz Assistance, Allianz Care, Allianz Automotive and Allianz Travel. Over 19,000 employees handle more than 54 million cases each year, motivated to go the extra mile to help and protect customers and employees around the world.
Why did the role of PCI Compliance Manager appeal to you?
In my role, I set up the PCI framework to be implemented within our Business Units around the world that handle credit card data. We store, process or transmit credit card numbers through merchant websites, concierge services, or through our call centres. I coordinate local compliance with the standard through a set of guidelines and common tools so that we remain a best-in-class network of worldwide service providers that can guarantee data safety.
What I enjoy about the role is having to understand the business needs of our local markets and then supporting them individually in reaching compliance. Many of our clients and bank partners require compliance, and as we are driven to add value and benefit to our business partners we are committed to reaching and maintaining the standard. I enjoy leading this process and supporting our teams around the world.
What should corporate boards know about PCI DSS Compliance?
From my perspective, it is crucial that board members understand the business implications of being PCI Compliant and its importance if we want to be a future-ready innovator that can anticipate and respond to customer needs. PCI Compliance represents a significant part of the revenue of our company, and showcasing the magnitude of this revenue and the number of transactions that are compliant can convince the board to allocate resources to all teams involved to reach and maintain compliance. Therefore, corporate boards need to see both the business benefits as well as the risks if we do not comply.
How do you create a PCI Compliant culture within Allianz Partners?
The first step is to have the right internal organization. At Allianz Partners, in each local Business Unit, there is a local PCI manager who is responsible for coordinating and implementing the standard. To support our local teams, I, as the global lead for the programme, designed a framework that provides a basis for each assessment. The framework allows teams to identify all the areas where credit card information is needed, which defines, builds and maintains the scope of the assessment. I coordinate the rollout of the framework within the organization, and am the main contact for all local and global teams. The right structure helps to ensure the processes go smoothly.
Training is also key. We invest in sustaining our specialist expertise and have created several e-learning modules to give everyone working in this area the tools and skills to understand the standard and its implementation within the Group and local markets.
What are the biggest challenges you face in the year ahead?
We have been PCI Compliant since 2008. Once you reach compliance, you have to maintain it, as we have to renew assessments every year. This involves continuing regular controls and training. Our operational teams locally have many challenges and priorities, and every day I need to ensure that PCI compliance is one of them.
How do you balance PCI Compliance and Innovation?
Innovation is key within Allianz Partners, and we are dedicated to delivering high-tech, high-touch solutions to our customers that can safeguard the safety of their end-user financial data. When we launch new products, in the design phase we ensure that all processes are compliant with the standard. While there is the willingness to go to market as fast as possible, my role is to make sure that time and resources are allocated so the solution fits with the standard. I am involved in all phases of the rollout of new products involving credit card numbers, so that our business partners and their customers remain confident in the way we handle personal data. It is indeed a balance, but we work hard to get it right.
How do you collaborate on PCI DSS within and outside the organization?
Collaboration is one of my priorities. After many years working on this subject, I am now quite well known within Allianz Partners as the PCI DSS expert. When sales are working on a tender involving payments, they routinely contact me to ensure we can provide the right solutions and best service level for the customer. We receive more and more tenders, both local and multi-market, requesting PCI DSS compliance, so there is an expectation in the market around this standard.
Furthermore, we are an active member of the PCI community, as Allianz Partners is a Participating Organization in the PCI Security Standards Council. We are especially active in Special Interest Groups to enrich the documents library of the standard, which contains a framework of specifications, tools and support resources to help organizations ensure the safe handling of cardholder information at every step.
I am proud that Allianz Partners has been PCI compliant for over 10 years, and look forward to expanding the scope of our compliance across the globe. Our teams are constantly pushing technological and geographical boundaries to meet client needs, and I am happy to accompany them on this mission, intent on ensuring the safe handling of all credit card data, so our business partners and their clients can count on us at every step.