Cxo of the week: Nitin Bhatnagar Associate Director, PCI Security Standards Council

Payment Card Industry Security Standards Council (PCI SSC). A global standards body for the payment card industry, that develops security standards that helps businesses protect the card data of a user. The Payment Card Industry Data Security Standards (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit debit/credit card information maintain a secure environment.

Their mission is to enhance global payment account data security by developing standards and supporting services that drive education, awareness, and effective implementation by stakeholders.

We recently interacted with Nitin Bhatnagar Associate Director, PCI Security Standards Council. He shared important details about PCI, his entrepreneurial journey, the company’s growth, and much more. Read below to know more about it.

Introduction.

The Payment Card Industry Security Standards Council is a global body formed to develop, enhance and assist with the understanding of security standards for payment industry. PCI SSC provides critical tools needed for the implementation of the standards such as assessment and scanning qualifications, self-assessment questionnaires, training and education, and product certification programs. Their mission is to enhance global payment account data security by developing standards and supporting services that drive education, awareness, and effective implementation by stakeholders.

Kindly elaborate more about the PCI Security Standards Council and its operations in India?

PCI Security Standards Council was created by the major credit card company stakeholders in order to protect credit card holder data. The five founding credit card companies – American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. – are responsible for carrying out the organization’s work. PCI develops and manages the Payment Card Industry Data Security Standard (PCI DSS) and the Payment Application Data Security Standard. The PCI SSC is also responsible for education and awareness efforts around the standards. Other organizations can join the PCI SSC as Participating Organizations and review proposed additions or changes to the standards.

What, as per you, are the five important things that fintech should be looking at today?

• Part of the key security challenges when it comes to payment security for fintech is education and training. All employees should be trained and educated about the threat of cybersecurity, Data Security Standards Implementation.
• The PCI Security Standards Council continues to conduct training programs in India and recruit a community of payment security experts through our Participating Organization (PO) programing order to influence the standards there is a need for regional involvement.
• Cybersecurity has to be given higher priority within organisation at both decision-making and product design levels.
• Organisations need to resort to the best security practices and cybersecurity solutions to counteract data security challenges. Encryption and tokenisation are one of the most essential and effective security solutions for the fintech space.
• Evaluate the changing threat landscape and align risk treatment strategies. As we transition towards a more digital world, it is evident that the industry will continue to be a gold mine for attackers and the number of attacks will rise exponentially. India’s payment industry will need to stay ahead of attackers by having comprehensive security measures in place to keep their customer data safe with adoption of data security standards. (For ex. PCI DSS v4.0)

How fintech ecosystem has become extremely essential for the growth of the players at the financial sector?

India is accounted for the highest fintech adoption rate of 87%. We are the third largest fintech ecosystem in the world, FinTech in India has gained a lot of traction and found phenomenal economic growth the country has experienced in the last few years. The fintech ecosystem has completely revolutionized and transformed the banking and finance sector in India with high adoption of newer payment methods and better technology like mobile wallets, mobile banking, and secure payment gateways and these led to a very high and ever-increasing number of paperless transactions and lendings. The recent innovations in fintech help ensure safer, securer and fast transactions with an enhanced user experience which has completely transformed and modernized banking and financial institutions.

What are some of the notable impacts that the PCI Council has made in the last three years?

Over the years, since PCI-DSS v1.0 was released, the Payment Card Industry Security Standards Council has introduced additional standards to address every specific area of cardholder security to reduce the risk of cybersecurity. For the last three years, PCI has introduced v3.1, v3.2 and v3.2.1 which introduced additional standards to address specific areas of cardholder security addressing all the growing threats in the payment industry. PCI applies to all entities including merchants, processors, acquirers, issuers, and service providers. The updates to the standard focus on meeting the evolving security needs of the payments industry, promoting security as a continuous process, and increasing flexibility for organizations.

What is next for the council and the payments ecosystem here in India?

Engaging stakeholders in India to talk about critical issues is a big part of the PCI SSC’s work here in India. PCI SSC also looking to forward to accelerating awareness campaigns, sharing knowledge and fostering greater participation from Indian organizations to improve payment security.” One of our most anticipated developments in payment card data security is the introduction of PCI Data Security Standards (DSS) version 4.0 .The PCI DSS v4.0 will support organizations using a broad range of controls and methods while providing added flexibility in how they can meet their security objectives. The updated version addresses changes in technology, risk mitigation techniques, and the threat landscape. Furthermore, since the methods of making and taking payments are becoming more advanced, security standards will be more focused on securing the software-enabled mobile payments infrastructure. PCI SSC continues to work on creating new and robust standards for the security of mobile and software-based payments.

How fintech disruption trends are changing the payment landscape on the horizon?

FinTech companies are providing new and innovative solutions that are changing the way financial services are delivered and the financial landscape in general. Financial institutions’ services increasingly turn to fintech solutions to improve their operations and method to stay competitive in the financial sector. This includes adopting new technologies and rethinking their business models. By doing so, they have had a profound impact on the way the payment industry operates daily. Fintech trends are not just changing the way financial institutions operate; it is also empowering consumers, merchants and businesses with new tools and technologies. With the fintech industry evolving rapidly, the payment landscape is up to date with all the new technologies making it easier for them to secure their data.

How will work-from-home lead to a paradigm shift in the IT industry?

The pandemic impacted all sectors but undoubtedly, it changed a paradigm shift in the tech industry.