The rapid rise and advancement of technology in recent times has brought unexpected security challenges with it. Cybersecurity is one of the most talked-about topics these days, and for good reason.
The pandemic drastically boosted the popularity of digital payments, as it fitted in with the social distancing norms of today. Concerns over security have increasingly plagued this industry as it grew, but there hasn't been a corresponding growth in cybersecurity measures. So there is a need to focus on building awareness about ensuring security in the digital payments industry.
This interview with Mr. Nitin Bhatnagar, Associate Director – India, PCI Security Standards Council, delves into the shifting digital payments landscape of the country and the security concerns that come with it.
About PCI Security Standards Council
The PCI Security Standards Council (PCI SSC) has provided globally recognized standards for payment data security since its inception in 2006. This independent council was originally formed by American Express, Discover Financial Services, JCB International, MasterCard and Visa Inc., and was established to develop and drive adoption of payment data security standards and resources for safe payments worldwide.
“Our mission has always been to enhance global payment account data security by developing standards and supporting services that drive education, awareness, and effective implementation by stakeholders,” Bhatnagar says.
“Our efforts are also dedicated to increasing awareness about the standards and inviting the industry to participate with their feedback to constantly develop these security standards to mitigate ever-growing cybersecurity challenges.”
Ensuring Security in Digital Payments
The council’s activities in India have been increasing through the years, as, in Bhatnagar’s words,
“India is a dynamic market where technological innovation is driving change in the payments landscape.”
Bhatnagar has been serving as the Associate Director of PCI SSC in the country for over two years. One of the key accomplishments credited to him is that the RBI in their last few Master Documents/Circulars for Payment in India have mandated the adoption of PCI standards for the protection of payment card data in the country.
One of his main responsibilities has been to raise awareness around the importance of payment data security and the adoption of the PCI security standards. This is especially relevant considering that the rising threat of cybercrime and data security breaches is an ever-increasing concern in the country. “I also continue to work towards highlighting how the PCI SSC’s Participating Organization (PO) program provides Indian businesses the opportunity to participate in the development of standards alongside global companies,” he adds.
Digital payments in India are undoubtedly getting more and more popular, and Bhatnagar affirms that a cashless society does appear to be on the horizon. This recent boost in advancements is excellent news for India. He attributes this change to the COVID-19 pandemic:
“The pandemic propelled the adoption of digital payments in the country with businesses and consumers increasingly making use of contactless payment technology to reduce the risk of transmitting COVID-19.”
As the world shifted towards remote working following the outbreak of COVID-19, India’s reliance on technology naturally increased, but this shift poses challenges. A need for robust data security arises here. “Throughout the pandemic, cyber criminals have consistently looked to exploit our new way of working, often through malicious spam campaigns claiming to be directly related to the pandemic,” he explains.
PCI SSC had taken steps to stay ahead of the looming crisis as much as possible. “During the early stages of the pandemic PCI SSC quickly rolled out best practice solutions and guidance to help businesses that handle cardholder data mitigate their risk of these COVID-19 related cyberattacks being successful,” according to Bhatnagar.
“We continue to share guidance on how companies can protect their customers’ payment data through our PCI Perspectives blogs as well as rolling out new training to educate organizations and remote workers on the basics of working from home in a secure manner.”
“With an increase in the number of ways people make and take payments, there are an increasing number of avenues which cybercriminals can exploit to steal cardholder data,” he explains. He also cites this evolution of cybercrime alongside technology as one of the largest threats to a potential cashless society.
He says that there is a need for vigilance to combat cybercrime through ensuring that people always follow best practices when handling cardholder data.
Also, with the increase in cybersecurity threats there has been no matching increase in skilled professionals to combat this. So to help address this shortage of trained cybersecurity professionals in India, PCI SSC have been working to increase the number of people who have received payment security education in India, via the PCI Professional training.
“As more security experts are trained on PCI standards and resources, Indian businesses will be better placed to mitigate the impact of cybercrime as these trainings equip professionals with necessary tools that help build a secure payment environment.”
Bhatnagar urges Indian businesses to rise to the challenge of combating cybercrime and protecting their business against data theft. He quotes an IBM study which found that the average cost of a cyber breach to a single business in India in 2020 amounted to $2 million in reparations and lost business.
“The damage is so great in part because hackers have so much time inside companies’ systems collecting enormous amounts of financial data totally uninterrupted,” he says. “Cyber security is a business issue, not an IT problem.”
Evolving Security Needs
“The future of the digital payments ecosystem is promising, but the growth of digital payments must always correspond with an increased focus on security.”
It has been PCI SSC’s goal to help synchronize these efforts. The most recent and much-anticipated development to PCI Data Security Standards (PCI DSS), v4.0, aims to “ensure that the security standards continue to meet the security needs of the payments industry, add flexibility and support for additional methodologies to achieve security, and promote security as a continuous process and enhance validation methods and procedures.”
Speaking specifically about the country, Bhatnagar thinks that the ability to securely use the latest payments technology will be a key aspect in the road ahead for payment card data security in India. This can be moved forward with the help of the PCI DSS v4.0, which is evolving to introduce greater flexibility to support organizations using a broad range of controls and methods to meet security objectives.
The digital payments sector is constantly evolving and adapting, and the PCI SSC grows to remain up-to-date with these changes. As an organization that leads global payment data security efforts, the council is constantly evolving to “improve cardholder payment data security by developing standards and supporting services that drive education, awareness, and effective implementation by stakeholders.”
To ensure the development of PCI standards accommodates the nuances for each region, it is supported by data and insights from members of the PCI PO program, helping ensure that the standards can be implemented worldwide and help secure payment data globally.