PCI DSS standard, key in data protection and digital payments

Mexican organizations and consumers still lack the technological tools and sufficient sensitivity to protect their personal data when making any transaction with payments through card at traditional collection points and on the Internet, despite the fact that every day opportunities for online business, that new digital sales channels are being opened and that Mexico says goodbye to the year 2021 with 28 million credit and / or debit cards in use; but above all also, because in 2020, according to the National Banking and Securities Commission (CNBV), the growth of the collection terminals rebounded by 26%, due to the fact that people put aside the cash payment due to the Covid pandemic -19.

Until a few years ago, the reliability of telecommunications networks, where data is sent and received, was the only link in the entire ecosystem of the digital economy that was called into question when a vulnerability arose in the handling of sensitive data. But now many more actors are involved in the safeguarding of financial information and, in fact, telecommunications companies invested 4.3 billion dollars in all of 2020 globally, according to IDC, in ICT and security applications to move away cyber crime.

Experts and representatives of recognized companies related to the safe handling, safeguarding and protection of data agreed that in Mexico, very few companies in all sectors protect their card transactions, about 21% of all those who browse the Internet. with the offer of products or services and who receive card payments. This figure clarifies the diagnosis of the Bank of Mexico (Banxico) that the country was, in 2020, the second market in Latin America with the highest identity theft since card transactions as a means of payment.

It happens that organizations in Mexico, from all economic sectors, are unaware or do not comply with the criteria of the PCI DSS standard (Payment Card Industry Data Security Standard), a set of standards built by the companies Visa, MasterCard and American Express, and that establish certain controls for the protection of the cardholder’s sensitive data during the process of authentication, processing, storage and transmission of the card transaction; from the origin to the end of the transaction with this method of collection and payment.

The representatives of the companies Fornetix, BitDefender and Forcepoint, as well as BuróMC Seguridad Informática endorsed the use of the PCI-DSS standard, after the coronavirus pandemic accelerated online and card purchases, but that companies and consumers have put a scant attention to data protection.

“The technology available in the market is in a condition to help comply with the PCI DSS regulation, with this we will ensure the future of payments, thus manufacturers, software providers and integrators, and all the brands of this security ecosystem, are very complete to support organizations in the protection of end user data ”, said Roberto González, country manager for Mexico, Central America and the Andean region of Fornetix.

González said that PCI DSS is a standard that requires a more responsible management of risks, with the proper handling of sensitive information. Otherwise, you run the risk of fraud, loss of reputation and legal problems. Complying with that standard, added the head of Fornetix in Mexico, translates into a better use of the economic opportunities and benefits that the digital transformation also triggers in the country. “Digital services are created daily (…) Digitization allows expansion and is breaking down borders. Digitizing is a necessity today and everyone needs a payment system today and the most used method is through debit / credit cards, which is dominating the market ”.

Elías Cedillo, founder and director of Buró MC Seguridad Informática, was in the same line, recalling that there are already effects due to non-compliance with the PCI DSS standard. As a single sample, the MX Internet Association said last September that in all of 2019 the theft of data and fraud due to transactions in online commerce and payment with cards increased by 40% with respect to the data of 2018, this Also, because the organizations are unaware of or do not comply with the PCI DSS.

Elías Cedillo recalled that in addition to companies that do not comply with the PCI DSS standard, end users are also wary of handing over their sensitive data, because they do not know how third parties can handle that information. The director of Buró MC Seguridad Informática is correct, because according to the Mexican Association for Online Sales (AMVO), in a report from September 2021, he pointed out that eight out of ten Mexican consumers who do not yet carry out an online commerce operation This is because they do not want to risk more electronic fraud, the cloning of their cards or the theft of their identity.

“We have a challenge there. What if one day your password or an authentication device is stolen. To repair the damage, they can change your password or token, but what happens when it comes to biometric data; They have your voice, your footprints … It will be interesting to see how they try to cover these types of challenges, especially when electronic signatures, Fintech and many other applications come ahead, and that they are not going to stop, that is why we must act with the protection, ”said Elías Cedillo. Whoever does not take protective measures loses money in the long run, he concluded.

Technology is there to meet the needs of organizations, said Enrique Rivera, Forcepoint’s chief commercial technical engineer, regarding organizations’ compliance with the PCI DSS standard.

“We have a first challenge, which is compliance with regulations and good care with data management and in addition to that, we now have the challenge that the pandemic came to accelerate the digital transformation and that we have to move everything or almost everything towards the cloud and at the same time we have to work together with the client without losing the good use of their data, which is the factor to take care of in this environment ”, said Enrique Rivera, recalling that telecommunications companies invested only in the third quarter of 2021, about $ 50 billion in cloud infrastructure, according to a Canalys research.

“As companies, we must make an effort to comply with the PCI DSS regulations, because this shows that we do not have a technology that works against these risks. There are too many tools, but little visibility and insufficient prevention and that is why the attacks have been too successful and it also happens that in Mexico cybercriminals are increasing their attacks and are coordinating themselves, ”said Horatiu Bandoiu, BitDefender channel marketing manager.

Horatiu Bandoiu agrees with another AMVO report that, in 2020, due to the coronavirus pandemic and the increase in online purchases, card fraud on the web increased by 81 percent.

With information from Nicolás Lucas.


Leave a Comment