Author – Bijal Doshi
With the growth of e-commerce, card-not-present transactions are at an all-time high. As organizations offer features like express checkout, they end up storing cardholder data, so the need to protect that data has increased manifold.
It is therefore no wonder that companies suddenly find themselves in a hurry to become PCI compliant. Being PCI-DSS compliant not only certifies the company; it also gives customers confidence that their data is well protected against fraud or misuse.
However, PCI-DSS compliance is not the only thing being chased. A number of other factors dominate the payment card industry these days.
In this article, we look at some of the evolving trends in the payment card industry:
Increase in Card-not-present transactions
Gone are the days when consumers were afraid to abandon their conservative style of banking and buying to step into the e-commerce market. With many sectors witnessing a major e-commerce revolution, more and more startups are looking to tap the benefits of this immensely promising market. As smartphone purchases grow by millions every day in developing countries like India, the m-commerce market may not be far behind in this revolution.
Even though card-not-present transactions are increasing in number, it is interesting to note that, more often than not, they are low-value transactions.
Low-cost, bulk transactions
With the increase in low-cost, high-volume transactions, companies are focusing more on the efficiency of their technology to support this growth. Their attention is turning towards building a highly capable network infrastructure, stronger encryption solutions to protect sensitive information, web applications with minimal risk, and so on.
Smart networks and applications that can withstand pressure from cyber-criminals and hackers are the need of the hour.
A number of data breaches have been reported lately, with the Target breach being the most talked about. It is becoming ever more imperative to protect customers' card data in the growing card-present as well as card-not-present environments. Card breaches may happen intentionally or unintentionally: intentionally, when an attacker steals information by exploiting a flaw in the payment application or compromising the network; unintentionally, when, for example, a company's hard drive crashes and the data lying dormant on it is stolen and misused.
Increased media attention
Apart from facing all the technical challenges and security risks, companies have the additional responsibility of preserving their reputation. With the press constantly on the lookout for damaging news, companies not only have to fear the brunt of a security compromise; they may also face the hazard of being written off forever.
All of the above challenges have pushed companies towards PCI-DSS compliance. PCI-DSS aims to reduce fraud arising from cardholder data breaches. It is increasingly enforced by the payment brands on acquirers, who in turn enforce it on merchants and service providers. With the media persistently hunting for news on cyber-attacks and companies' names constantly at stake, organizations are obliged to instil security awareness in their employees and maintain PCI-DSS compliance throughout the year.
Focus on security, not just compliance
PCI-DSS aims at ensuring security, not just compliance, for organizations. Most organizations hire a Qualified Security Assessor (QSA) to perform the PCI-DSS audit. A QSA not only helps the organization achieve certification but also adds value through his or her experience and qualifications. Evolving technologies, a changing threat landscape, and reputational as well as business risks compel organizations to maintain compliance all year round. Following a risk-based approach to compliance goes a long way in helping organizations evaluate threats and their impact on critical systems.
Given the above trends, we are sure to witness more and more catch-22 situations between hackers and cyber-crime investigators.
About the author: Bijal Doshi, PCI-QSA, CISSP, CPISI-S, CEH