Wed Jun 30 BST
In your timezone (EDT): Wed Jun 30 3:00am - Wed Jun 30 12:00pm
The deluge of digital payments precipitated by the pandemic, both B2C and B2B, has been enabled by a complex ecosystem of new and traditional payment providers and platforms. Whether push or pull, these payments represent a series of opportunities for cybercriminals.
They can hack the authentication and authorisation processes at various points in the transaction, targeting POS devices, e-Commerce shops, mobile payment devices, credit cards and the data transfers between parties at the initiation of the payment; they can target refund and money reversal processes; and they can target the clearing and settlement process and the underlying bank infrastructure.
Building a secure payment lifecycle was always complicated. But the introduction of new, less-regulated fintech intermediaries, new payment methods, and the supposed plug-and-play convenience of PSD2 and APIs has made security harder. And companies’ desire for data enrichment via cookies and browser plugins (or yet more APIs) to give them better market and customer insight introduces more access and authorisation headaches.
Today’s payment processes cannot be made cybersecure by following a single framework, regulation or industry standard.
Instead, companies must accept the complexity of the payments ecosystem, identify the key points in their own specific e-Commerce and digital payments lifecycles, and secure each of these to ensure not only the security and privacy of all client data and payments but also their own integrity and fraud resilience.
To do this, firms need to adopt continuous monitoring of their whole payment ecosystem to detect attacks immediately and stop further damage quickly.
They need to ensure that their standards for authentication and access are up to the task both of preventing external hacks and imposing security discipline on internal application developers.
And the days of annual or semi-annual control environment testing and regulatory audits are long gone.
No cybersecurity or compliance professional should be relying on the mandatory minima.
Firms also need to understand where their responsibilities mesh with those of the providers of ‘back-end’ security solutions such as point-to-point encryption (P2PE) and tokenization. Indeed, a key decision is how to transfer as much of their payment security risk as they can from their company to their payments provider partners.
At PCI London June we will be looking at how companies must secure the entire payment lifecycle from first click to last cash movement.
• Who should be responsible for this process?
• How do cybersecurity and compliance create a joined-up framework to keep their companies and their customers safe?
• And how do PCI DSS professionals leverage their existing knowledge to build the foundations of a comprehensive payments lifecycle security and privacy process?