HOW DOES PCI DSS IMPACT BANKING AND BANKING APPLICATIONS?

Narendra Sahoo is a director of VISTA InfoSec

Over a million people across the globe become victims of cybercrime daily. More alarming still, despite the numerous precautionary measures organizations take, attackers keep evolving and use advanced techniques to break into systems and illegally access critical data. You therefore have every reason to worry about the confidentiality of your business-critical and customer data. Over the years, research reports on cybercrime have suggested that most data breaches involve debit and credit card data. This is why the PCI Security Standards Council (PCI SSC) was formed and the PCI DSS standard was set in 2006 to strengthen information security and protect customer data.

About PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard administered by the PCI Security Standards Council. It was established by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. to safeguard debit and credit card data. The scope of PCI DSS covers an organization's data security management, security policies and procedures, network architecture, and software design. Its purpose is to ensure that organizations that accept, process, store, or transmit payment card information maintain secure environments that protect consumers and merchants. Put simply, PCI DSS applies to any organization that holds, processes, or transmits cardholder data from a card bearing the logo of any of the card brands. PCI DSS compliance is not a legal requirement but an established form of self-regulation: organizations that process card payments contractually agree with the payment card brands to comply with PCI requirements.

Implications of PCI DSS for the Banking and Financial Industry

Banks that issue Visa, Mastercard, American Express, and Discover cards are contractually expected to comply with the Payment Card Industry Data Security Standard (PCI DSS). Entities that handle card data from one of the five major card brands, namely Visa, Mastercard, Discover, American Express, and JCB International, are required to comply with PCI DSS requirements. Under PCI DSS, entities that are contractually obliged to comply must govern and secure consumers' payment card data by all available means.

Financial institutions, including issuing banks (banks that offer credit cards to consumers) and acquiring banks (financial institutions that hold merchants' bank accounts, receive payments through the card processors, and deposit funds on behalf of the merchants), as well as merchants and service providers that process transactions and enter into contracts with the five card brands, should ensure the protection and safety of cardholder data. For that matter, even an organization that processes just four card transactions a month is expected to be PCI compliant. Moreover, a company that uses a third-party payment processor is also expected to comply with PCI standards. PCI DSS offers clear guidelines to banking and other financial institutions on ways to detect fraud, prevent data theft or loss, and deal with a data breach when one occurs.

Fines and Penalties for Merchants and Banks on Non-Compliance

In the event of a data breach, the card brands investigate the merchant's level of PCI DSS compliance and also assess how well the bank enforced PCI DSS compliance. Based on the findings, the fines are distributed between the bank and the merchant. Fines typically range from $5,000 to $100,000 per month, depending on the size of the merchant's business and the degree of non-compliance. It is important to note that fines the bank incurs can be passed on to the merchant through higher transaction fees or service charges. In case of a repeat violation, additional fines may be levied depending on the merchant's acquiring bank. Fines may also be revised over time and increase further until the merchant is deemed compliant. If the merchant still does not become compliant, its ability to accept credit cards may eventually be revoked.

PCI DSS Security Testing Requirements for Banks

PCI DSS sets stringent norms that banks are expected to follow diligently to stay compliant. Under the standard, banks are required to perform adequate security tests and implement the required measures to ensure cardholder data is secure. Below is a list of the security tests banks are expected to conduct:

  • Run controlled data breach attempts against the bank's network to ensure the network, end-points and web applications are secure.
  • Perform security tests to identify known vulnerabilities such as SQL injection, OS command injection, cross-site scripting and broken authentication, to name a few.
  • Conduct quarterly tests for authorized and unauthorized wireless access points.
  • Perform penetration testing on networks and applications at least once a year or after a significant change has been made to the application. The aim of a penetration test is to identify all possible threats and vulnerabilities and attempt to exploit them to gain further access to systems at both the application and network level.

Conclusion

Most financial organizations find it challenging to meet the security testing requirements of PCI DSS. However, from a security point of view, the majority of Indian banks and the payments industry have been complying with the PCI DSS policies and requirements and have made the standard a priority. They have embraced the compliance standard in a big way by diligently establishing service provider compliance and merchant compliance, and by setting up frameworks for risk assessment and security testing at both the network and application layer. Failure to comply with the standard has severe consequences: loss of trust and credibility, not to mention hefty penalties.

Author Bio: Narendra Sahoo is a director of VISTA InfoSec, one of the foremost companies in InfoSec compliance, assessment and consulting services, providing vendor-neutral services in areas such as PCI DSS consulting and certification, PCI PIN, SOC2, GDPR, HIPAA, MAS TRM, PDPA, PDPB, VA/PT, web/mobile AppSec, red team assessment, etc.


SEIZING THE OPEN BANKING OPPORTUNITY

Nick Maynard is a Lead Analyst at Juniper Research

Open Banking has made significant progress in 2020, having recently launched across much of Europe and now starting to emerge in other markets too. And there are two primary reasons why Open Banking is disrupting the banking industry so much:

  • Banks have begun to discover the real competitive advantage of a more open approach to banking. Offering a superior Open Banking experience to customers can be a compelling differentiator from other competitors as part of a wider digital app experience. Open Banking also creates a level playing field in markets where regulatory intervention has led to Open Banking deployment. As all banks are required to deploy APIs in this scenario, the situation is the same and does not put any one particular bank at a disadvantage.
  • Legislation – for example, in October 2015, the European Parliament adopted PSD2 (the revised Payment Services Directive). By early 2020, major banks in the EU had adopted Open APIs. There have however been many cases of late deployments of APIs and problems with the availability of APIs.

The Disruption Factor

Open Banking is a major disruptive factor for banks. The reason for this being that it opens up account data to both AISPs (Account Information Service Providers) and PISPs (Payment Initiation Service Providers), which can attempt to carve out a role in the banking area.

  • AISPs: These new vendors are able to access transaction data and balance information, as well as related information. This has, in particular, led to the rise of vendors such as Emma, Yolt and Connected Money. These vendors combine information from multiple sources, adding value to the user.
  • PISPs: In this case, the vendors are able to leverage Open Banking API connections to initiate payments directly from the bank accounts in question. This means that these players are able to bypass traditional payment methods, such as cards. Vendors such as American Express and PayPal have already launched solutions that take full advantage of this capability.

PSD2 Changes

Generally, the implementation of the new PSD2 European regulation for electronic payment services effectively reduces the entry barriers for new digital players. It also opens up banks to the potential for competition, enabled by their own APIs. This allows these players to compete with existing services in fields currently offered by the banks. In the case of AISPs, it is possible that third-party applications could displace the role of the apps from incumbent players, which would dilute the bank’s relationship with their users.

As with any fundamental change to markets in the banking area, there is the potential to bring a number of both opportunities and challenges to consider with Open Banking.

Figure: Open Banking Opportunities & Challenges to Consider (Source: Juniper Research)

Banks and other parties that are looking to become involved in the Open Banking ecosystem must weigh these opportunities and challenges carefully. Open Banking certainly needs a more collaborative approach than traditional banking models, and making it succeed will require significant effort.

The Forecast for Open Banking

The total number of Open Banking users is set to double between 2019 and 2021, reaching 40 million in 2021 from 18 million in 2019. The ongoing Coronavirus pandemic is increasing consumers' need for the clarity that comes from combining their accounts and gaining insight into their financial health, which is also boosting momentum in the adoption of Open Banking.

This extraordinary growth is being driven by Europe, where the regulator-led approach to Open Banking has created a standardised market with low barriers to entry. This contrasts with markets like the US, where a lack of central regulatory intervention is limiting growth potential.

Open Banking – Delivering Opportunities and Threats

It is worth noting that Open Banking can be both a threat and an opportunity for traditional banks. While Open Banking exposes user information and access to potential competitors, this threat has the potential to affect all players in the market equally. Consequently, established banks must create innovative Open Banking services that will provide benefits for the user, while also attracting customers from less innovative competitors.

Payments will be critical to the emerging Open Banking ecosystem, accounting for over $9 billion in transaction value in 2024. However, payments in this ecosystem are at a particularly early stage. While eCommerce is dominated by card networks, there is the potential that this role will be eroded over time by ‘direct from account’ payments. Consequently, card networks should look to offer Open Banking-enabled payment services in order to offset the risk of future disruption.

Figure: Open Banking Users in 2021 (m), Split by 8 Key Regions: 40 Million (Source: Juniper Research)

2021: THE NEW-NORMAL LIFECYCLE FOR BANKING

Laura Crozier, Global Director of Industry Solutions, Financial Services at Software AG

It would be impossible to talk about predictions for the banking industry in 2021 without mentioning the cataclysmic impact that 2020 and the pandemic has had on people, businesses and countries.

Unlike during the global financial crisis, banks have been able to step up as “good guys” this time around, rebuilding their reputations as well as accelerating digital transformation. One of the main outcomes is increasingly smart, efficient online payments.

In 2020, the banking industry innovated like never before. This is the new normal. Overall, customers and society will be the beneficiaries of the changing industry. Here are my predictions:

Reputations are reborn

Banks across the globe pulled out all the stops to integrate and adapt systems and processes to help customers during the pandemic. They offered accommodations on loans, assisted governments with the distribution of financial relief, and supported consumers by raising contactless spending limits and enabling virtual deposits.

In 2021, banks will risk losing that rosy glow as economic circumstances drive them to deal with non-performing loans, mortgage foreclosures, layoffs, etc. But, beyond their role in society as providers of capital and liquidity, banks will invest to sustain their reputations as trusted and good corporate citizens and use their power to persuade their customers and providers to adopt higher environmental and ethical standards. This will be in the areas of bank carbon-neutrality, sustainable financing, serving the unbanked, diversity and gender equality (as the number of women running a major global bank will double from one (Jane Fraser at Citi) to two). It’s a start.

Coming of age in the way of working

Back in Q1, when bank employees cranked up their laptops on their dining room tables, banks that were strategically undertaking business transformation accelerated their efforts. Those that were tactical, or on the fence, now understand with painful clarity that this work must be undertaken strategically.

Cracks in process and the way of working and their resulting risks can be crippling. Especially from a back-office perspective, it is not enough to rely on “organisational memory” and collegial proximity for work to get done right. Advanced banks pushed the boundaries of remote work, and the proof of concept was successful. So, they’re doubling down on developing digital twins and moving to the cloud. They’re adopting the hybrid office/WFH approach to reduce health risks and reduce cost permanently. The watercooler will never be the same.

The death of cash

OK, maybe the rumours of the death of cash are a bit exaggerated, since there will always be a need for cash (and, to some extent, checks; the USA, for example, cannot seem to live without them). But the pandemic has permanently changed the way that consumers and small businesses bank, and the demotion of cash has been accelerated by a decade. For example, the Norwegian central bank said that cash payments in that country have plummeted to just 4% of transactions since March.

Implications? It will be critical to continue evolving payments to be smart, safe and flexible to compete in the new world, in both retail and commercial banking. Also, the permanent change in the mix of channels will see banks’ face-to-face engagement with customers fade. Branches aren’t going to go away entirely, but they will be reserved for high-value activities – by appointment only. To compensate, the personal touch has to be delivered digitally and intelligently.

The role of the bank as a “financial wellness partner” is being born. Banks will use customers’ data not just to personalise and differentiate banking experiences, but to make recommendations for products and services beyond traditional banking from across their ecosystem, to serve their customers well. Just as customers own their cash (physical or digital), in the future they will demand that they own their data (and can share it with whom they choose). Then retail and commercial clients will share their data in return for value.
