The second edition of the Payment Card Industry (PCI) Middle East Forum, which took place in Dubai recently, urged companies in the region to maintain rigorous processes and continually updated technology to prevent the loss of their payment and customer data, particularly in its burgeoning e-commerce and mobile commerce spaces.
“Organizations in the Middle East have got to understand as they adopt the new payment technologies and processes, especially in the e-commerce and mobile commerce spaces, they are exposing themselves to global criminals,” Jeremy King, international director of the PCI Security Standards Council, told Gulf News Journal.”What’s unique to e-commerce in this region is the reliance on cash-on-delivery payments, which has many challenges including difficult and insecure payments.”
According to data from We Are Social's 2016 Digital Yearbook, the e-commerce industry in the Middle East and North Africa is set to increase by 11 percent by 2019, to more than $5 billion. It is thought that the regional payment industry is on the cusp of a paradigm shift that could unlock a wealth of new small- and medium-sized business opportunities.
Despite the opportunities for small- and medium-sized businesses are fantastic, there are also great challenges and risks of theft in this field. To alleviate this issue, PCI has been working in cooperation with industry partners and security experts to develop its own small merchant guide.
“The guide focuses on trying to simplify the language used to explain payment data security, and utilizes pictures to show how small merchants can be vulnerable to attack and how best to defend themselves,” King said. “We are targeting the end of June to have the guide available.”
Currently 80 percent of online transactions in the Middle East are fulfilled by cash on delivery, which poses many challenges in payment security. King said there are many new technical solutions such as PCI-approved mobile Point of Sale devices that would assist in this area by enabling a delivery driver to accept chip cards for payment. Also, the collaboration between industry, law enforcement and regulators is essential to ensure a winning approach to payment data security.
“We are working against global criminal organizations who can be based anywhere in the world to hack in and insert malware and collect cardholder data,” King said. “ It’s then essential to initiate and maintain PCI security standards – training people, beginning new security processes and installing the right technologies - to prevent against this kind of attack over time.”
In the Middle East, banks, merchant and other organizations in the payment chain are seeing definite benefits with improved security thanks to their early work instituting PCI standards. The work is instilling confidence in the payments process, especially in terms of face-to-face e-commerce, which is helping boost the use of technologies such as EMV, encryption and tokenization as reinforcement that they and their information are being protected.
“We are seeing different types of attacks today, such as in the Panama breach, where they are stealing other types of data too,” King said. “The same is true with Ransomware attacks. Understanding this and focusing on a good level of security will help meet all of their areas of data vulnerability.”
The forum stressed that the companies in the Middle East can prevent the loss of their payment and customer data by focusing on training people, maintaining rigorous process and continually updating technology—all in a culturally appropriate manner.
“Our Middle East Forum confirmed that many organizations in the region are now working toward this and understand the need for improved security for protecting all of their payment data,” King said. “It’s the nature of business today that there will always be more to be done and there will always be people who can collaborate with you on it.”