Card Not Present Fraud , Fraud Management & Cybercrime , PCI Standards
PCI Offers Lower Fees in Developing Markets
Part of Effort to Spread Use of Global Standards for TransactionsThe PCI Security Standards Council is offering 40 percent lower fees for participating organizations in nations with lower-income economies.
See Also: 2024 Fraud Insights Report
"We want to encourage countries in Africa and South Asia to get engaged with us," Jeremy King, international director at PCI SSC, tells Information Security Media Group in an exclusive interview. "We want to hear the voice of organizations working in these regions to ensure they match the global security standards." (See: PCI's Orfei on How EMV Will Spur Mobile Payments)
King acknowledges that for some countries, "the pricing of programs cannot be the same as that of developed markets." Thus, offering lower fees for participation in those markets was an "essential step," he says. (See: Securing Mobile Payments)
Although digital payments are growing worldwide, security is lagging in many markets, King says. "Security needs to be taken seriously. As the payment gets connected to the internet, there are increased chances of getting attacked by cybercriminals from across the globe," he says.
Under the new two-tier system, organizations in lower-income economies will pay a $2,250 annual fee, a savings of 40 percent.
"We see a huge opportunity here," King says. "Though this [shifting to mobile payments] is really good, the fact that merchants are more vulnerable to attacks is a big downside. Merchants should know that they need to keep their customer data secure, and the best way to do that is to follow global standards for payments security."
The Payment Association of South Africa has lauded the move.
"We are very pleased with the pricing changes that the PCI SSC is making to the PO Program, says Walter Volker, CEO of the association. "The revised pricing structure will hopefully lead to greater participation from organizations in South Africa and throughout the continent."
Expected Trends
Emerging economies in Asia and Africa have leapfrogged into the digital payments. Thanks to a large unbanked population, mobile payments are growing rapidly.
"People want flexibility and ease for doing transactions. At the same time they want security. This is where relevance of bodies like PCI SSC becomes important," says Steve Marshall, founder at Risk X, a UK-headquartered audit and incident response firm.
For instance, South Africa is seeing a rise in payments methodologies that are not dependent on Visa and Master Card, Marshall says. "Master Card is looking at removing the magnetic stripes from the cards in the region by next year. This will further reduce the use of ATMs in this market and give rise to new payments products," he says.
The move to cashless transactions worldwide is happening "because customers want flexibility and ease of transacting," Marshall says. "Having said that, security will have to remain a priority for the market to grow. The industry has to be regulated and follow a standard global security practice."
Lessons for Africa
Businesses that provide easy use of secure cashless transactions will have a competitive advantage, security practitioners say.
Providing a balance of convenience and security is essential, Marshall says. "It's important to have a balance. Otherwise, customers will simply go to your competition. People are driving the change in terms of the way they want to interact with payment channels. Gone are the days when merchants and banks used to dictate ways to transact."
Marshall says Africa should learn from the mistakes Europe made in payments security.
"Around 98 percent of attacks happening in the payments space are unsophisticated, meaning they are happening because of a lack of basic level of security," Marshall says. "For instance, if you use API-based ecommerce methods without proper security you will be attacked."
Therefore, digital payment companies must focus on end-to-end encryption and secure voice technologies and have make sure contracts with third parties handling customer data include adequate security provisions, Marshall says.