Indian firms must adopt new payment security standard as 5G era begins

As Indian organisations prepare to implement the new global payment security standard in the 5G era, a Verizon report said on Friday that the financial sector continues to be victimised by motivated organised crime, with servers being involved in 90 per cent of financial breaches.

Despite the Payment Card Industry Data Security Standard (PCI DSS) compliance improving significantly in 2020, the cybersecurity threats organisations face are more cunning and evasive than they were even two years ago, according to the 2022 Verizon Payment Security Report (2022 PSR).

The PCI SSC, a global payment security forum, has published version 4.0 of the payment security standard.

To provide organisations time to understand the changes in version 4.0 and implement any updates needed, the current version of PCI DSS, v3.2.1, will remain active for two years until it is retired on March 31, 2024.

"Despite compliance improvements, we know that bad actors are still out there and stronger than ever," said Sampath Sowmyanarayan, CEO, Verizon Business.

"To remain safe in today's heightened cybersecurity climate, organisations will need to approach their objectives and goals at a project, program and strategic level," Sowmyanarayan added.

The report found that overall, PCI DSS compliance improved significantly in 2020, with 43.4 per cent of organisations maintaining full compliance, compared to 27.9 per cent in 2019.

Additionally, while over half (56.7 per cent) of organisations failed their interim validation assessment due to one or more security controls omissions, the security control gap still improved substantially, from a high 7.7 percent in 2019 to a low 4.0 percent in 2020.

"Key changes to the standard focus on meeting the evolving security needs of the payments industry, continuously promoting security processes, increasing flexibility for organisations using different methods to achieve security objectives, and enhancing validation procedures," said Lance Johnson, Executive Director of the PCI Security Standards Council.

The report said that the CISOs and their teams will need to apply a logical, coordinated process to evaluate requirements and constraints of PCI DSS v4.0, while navigating their way through the changes.

The appeal of emerging technologies, such as 5G and edge computing, gained significant momentum when the pandemic exposed the weakest links of the financial services industry.

"The speed and stability of 5G will continue to enhance the mobile experience for the payments industry -- providing greater customer security through advanced biometric-based identification and verification methods," said the report.

--IANS

na/dpb