The financial sector in the face of more cunning cybersecurity threats
Although compliance with the Payment Card Industry Data Security Standard (PCI DSS) improved significantly in 2020, the cybersecurity threats facing organizations are more cunning and evasive than they were two years ago, according to Verizon’s 2022 Payment Security Report.
This year’s report found that overall PCI DSS compliance improved significantly in 2020, with 43.4% of organizations maintaining full compliance, up from 27.9% in 2019.
Additionally, while more than half (56.7%) of organizations failed their interim validation assessment due to one or more security control omissions, the security control gap still improved significantly, from 7.7% in 2019 to 4% in 2020.
“Despite compliance improvements, we know the bad actors are still out there and stronger than ever,” said Sampath Sowmyanarayan, CEO of Verizon Business.
“Our own 2022 Data Breach Investigation Report found that the financial sector continues to be victimized by motivated organized crime, with servers implicated in 90% of financial breaches,” he said.
“As a result, working harder on your current strategy is unlikely to make a difference.”
The COVID-19 pandemic has intensified online business activity and payment card transactions, but it has also enabled the skillful exploitation of existing and emerging threats and weaknesses in payment systems and processes.
To further complicate the payment security landscape for information security officers and other security practitioners, the PCI SSC recently instituted the most significant rewrite of the DSS since its publication in 2004. Although it is a significant step forward, security managers need to focus their attention and resources on adapting to these new requirements. Released earlier this year, PCI DSS v4.0 will go into effect in 2024.
“There has been extensive industry feedback leading to changes to PCI DSS v4.0,” said Lance Johnson, executive director of the PCI Security Standards Council.
“Key changes to the standard focus on meeting the ever-changing security needs of the payments industry, continued advancement of security processes, increasing flexibility for organizations using different methods to achieve security goals, and improvement of validation procedures.”
Design Priorities for PCI DSS v4.0
CISOs and their teams will need to apply a logical and coordinated process to assess the requirements and constraints of PCI DSS v4.0 while navigating the changes. To help organizations in the payments industry simplify the complexity of these new measures and ensure data security, PSR 2022 includes a toolkit of templates and management frameworks useful for navigating PCI DSS v4.0.
The report highlights that the challenges organizations face in data security and compliance management have identifiable cause-and-effect relationships. The key to achieving continued growth and stability in security and compliance program performance is finding a way to focus resources only on the parts of the security environment that currently limit or block further improvement – the weakest links, system constraints or leverage points. As such, strategic planning, coordination and execution at the operational level are paramount to avoiding costly data breaches.
Potential impact of 5G on payment card compliance
The appeal of emerging technologies, such as 5G and edge computing, grew as the COVID-19 pandemic exposed the weakest links in the financial services industry. The speed and stability of 5G will continue to improve the mobile experience for the payments industry, providing greater security for customers through advanced biometric-based identification and verification methods. It will also provide more secure connections for video conferencing, with participants such as finance professionals and credit counselors.
Financial institutions and merchants will continue to find innovative ways to benefit from the enhanced capabilities of 5G, open architecture, and Multi-access Edge Computing (MEC) technologies. At the same time, security practitioners need to explore how these innovations might affect their PCI DSS compliance posture.