How New PCI Standard Eases Move to Cashless Transactions
PCI DSS Council's Troy Leach Describes Role of Software-Based PIN Entry Standard
A new standard from the PCI Data Security Standards Council could help ease the way for smaller merchants worldwide, especially in developing nations, to move to cashless payments using a variety of devices, says Troy Leach, CTO for the council (see Ensuring Security by Design in Payment Card Transactions).
"The Software-Based PIN Entry Standard provides a software-based approach for protecting PIN entry on a wide variety of consumer off-the-shelf devices for the purpose of payment acceptance," he explains in an interview with Information Security Media Group. As a result, smaller merchants, especially those in developing economies, can avoid having to invest in traditional hardware terminals and PIN-entry devices, which protect data using encryption.
The new software-based security approach, which includes encryption to protect PIN entry, can be applied across all environments, including IoT, cloud or any new form of payment transaction, Leach explains.
Leach, who spoke at a PCI Summit in Cape Town, South Africa, last week, says the software-based security approach will work well in that nation and other developing economies as they shift to cashless transactions.
In this interview, Leach offers insights on:
- The emergence of cloud-based security and compliance standards;
- The role of artificial intelligence and machine learning in securing payments;
- New security protocols using behavioral analytics.
Leach is the CTO for the PCI Security Standards Council, where he partners with council representatives, participating organizations and industry leaders to develop comprehensive standards and strategies to secure payment card data and the supporting infrastructure. He is a congressional subject matter expert on payment security and the current chairman of the Council's Standards Committee. Previously, he held various positions in IT management, software development, systems administration, network engineering, security assessment, forensic analytics and incident response for data compromise.