Interview with Frederic Jesupret - Mathieu Gorge

Can you tell us about your safety and compliance journey?

I have over 20 years of experience in computer security (first IP protocols) and have followed technological developments as well as threats. Since 2006, I have been working on PCI DSS, with a first certification in 2008 and then coverage that extended to all subsidiaries worldwide on this specificity.

Allianz Partners is one of the world’s B2B2C leaders in the areas of assistance, travel insurance, international health, and auto insurance. Focused on customer needs, our experts are rethinking insurance services by offering products and solutions of tomorrow, high tech, high touch that go well beyond traditional insurance. Our solutions are perfectly embedded in our partners’ offers or sold directly, and are marketed under four brands: Allianz Assistance, Allianz Care, Allianz Automotive and Allianz Travel. The group has more than 21,100 employees in 75 countries, speaking 70 languages and handling 71 million cases each year, protecting customers around the world.

What is your point of view on PCI DSS in your industry and within your company?

Within the framework of PCI DSS we do training and certification. We do several Self-Assessment and SAQ that I validate, while a few are validated by our single auditor (a single QSA).

In terms of training, we have 3 essential types of training:

  • End User training essential for call centers and convenience stores
  • Training on the 2nd Level support which intervenes on the machines – IT support which makes the support of all this
  • Secure coding

Our scope of compliance is very variable – it can range from the car which repairs with its bank card terminal in the car, to the e-commerce site with 30 million transactions per year, to the call center which manages a certain number of cards. We have several types of assessments: Merchant, Service Provider and SAQ A for some. So in all 4 or 5 types of assessments.

What made PCI DSS important, well received and funded with budgets etc.?

This came first from customers, in 2006 when we had an airline’s first tender on PCI DSS, and then a second on the same subject. We therefore started to take an interest in it and we took a little time to get there until we became “compliant” in 2008. It is a “plus” business that is capital in our relations with our partners, whatever the type of assessment in the world.

We have had requests from our partners, such as airlines, very early in the history of the standard, which prompted us to comply. We had to demonstrate to its strategic partners that we were in compliance.

Has the evolution of the standard created any specific problems?

The advantage of PCI DSS is that it always gives us time to adapt, even if it takes time to convince and set up a project. But it can be tricky to see how we’ll evolve the standards next year with version 4.0.

You have been working for 3 years with VigiTrust and elearning. What is the importance and added value of team training for you?

This can be explained through 2 concepts: it is the same program for everyone and with the local language, which is fundamental in some countries that speak little or no English. Also, it would be difficult to ask HR to develop a training module such as this one, which is not within their competence. Here we have a “turnkey” solution available to everyone.

On the value of demystifying security and compliance issues (5 pillar model or other model) and in terms of the impact on compliance and on what users do, how do you see that?

The PCI standards are complete and may seem rigid and complex but they require a high level of results. This is the most demanding of standards for me.

In terms of understanding standards, I think the standard could be simplified. This is why we have created a security framework around the PCI DSS standard. We rewrote in our own way and in a more pragmatic way, so that we are PCI DSS compliant and that we know how to stay that way. It is this last aspect which is for me the most complex. There are great similarities with the 5 pillars of VigiTrust security which also aim to simplify compliance: personal security, physical security, data security, infrastructure and crisis management. It is also easy to make a mapping between these pillars and the main lines of PCI DSS.

This may seem redundant because we ask the same questions every month and have tables filled in, but the Framework that we have set up allows this ease of “re-assessment” over time. We organize monthly meetings and checklists to be always close to the standard. It is an integral part of the Framework and requires preparation for the test and the events, and that way we do not miss a thing. This is why we are entering the second year of certification on our platforms in an almost calm manner.

Allianz relationship with VigiTrust

VigiTrust is an award-winning Integrated Risk Management (IRM) solution provider. Its solution, VigiOne, is in use in 120 countries in the hospitality, retail, transportation, higher education, government, healthcare and eCommerce industries to comply with legal and industry security standards and regulations including PCI DSS, GDPR, CCPA, NIST and ISO 27001, to name but a few. It is based in Dublin with support offices in Paris and New York.

Allianz WW has been working with VigiTrust since 2016 to provide PCI DSS security awareness training to several target audiences including in-scope employees, managers and development teams.

Frederic Jesupret has been attending the VigiTrust Advisory Board since 2015 in Paris and in Dublin at global events. He is a regular contributor at industry experts brainstorming sessions.
