In a recent development, a leading cybersecurity company CEO has emphasised the importance for banks and financial institutions to adhere to PCI SSC standards, as failure to do so heightens risks. CEO Ravin Prasad of Cybernetic Global Intelligence (CGI), a leading name in cyber security companies, said, “banking and finance services need to comply too should they need to maintain their financial licence”.
“Banks, credit unions, super funds and local councils are at high risk, as they do not meet the requirements of the PCI DSS standards and too often overlook the requirements set by the PCI SSC.
APRA, together with ASIC, is warning that the banking and financial sectors are lacking in requirements and compliance standards, and is now requiring the banking and finance sectors to start complying with the required PCI DSS compliance standards,” Prasad said.
Ravin Prasad, in giving cyber security updates, said: “Public-sector agencies handling credit and debit card transactions are mandated to adhere to the PCI DSS framework, ensuring that PCI DSS compliance standards are adhered to.
“However, a new version of these regulations, PCI DSS v4.0, is now being implemented in 2024. These updated standards require agencies to conform to new and enhanced PCI DSS compliance requirements, marking a significant revision since its inception in 2004.”
Manish Chaudhari, chief information security officer of Cybernetic Global Intelligence, claims that the updated PCI DSS will strengthen the entire cybersecurity architecture and make it more resilient.
“Under PCI DSS, organisations, including businesses and public-sector entities, accepting credit or debit card payments (e.g., Mastercard, Visa) must comply with its requirements.
Failure to do so can lead to substantial fines and potential suspension of card payment acceptance. PCI DSS v4.0, the latest iteration, represents the most substantial overhaul in 19 years, introducing several noteworthy changes. Although the fundamental structure of the PCI Standard remains intact, v4.0 brings forth key modifications to align with evolving objectives and requirements.”
Notable changes in PCI DSS v4.0 include:
- Disk- or partition-level encryption alone is insufficient.
- Implementation of an anti-phishing solution is mandatory.
- A web application firewall (WAF) is now a requirement.
- Multi-factor authentication (MFA) requirements have been updated.
- Stored hash values must be protected by a cryptographic key.
- Certificates safeguarding cardholder data (CHD) must be signed by a valid certificate authority (CA).
- Enforcement of integrity controls for payment page scripts is mandatory.
- Hard-coded passwords for apps are prohibited.
- Authenticated vulnerability scans are obligatory.
- Application and system account passwords must have expiration policies.
“Preparing for PCI DSS v4.0 involves strategic steps such as conducting a Cybernetic Global Intelligence PCI DSS compliance assessment, notably by PCI QSA auditors, which identifies security weaknesses and aligns with compliance expectations,” Chaudhari said.
“As PCI DSS v4.0 is set to come into practice in 2024, public sector enterprises need to make major changes to their security standards in key areas. These include patch management, credit card processing, web app security, anti-phishing, network enhancements, and web app security. The PCI DSS security standards are applicable to all system elements within or linked to the cardholder data environment (CDE).
“The CDE comprises individuals, procedures, and technologies that process, store, or transmit cardholder data or sensitive authentication data.”
In short, the importance of data security continues to rise, and adherence to PCI SSC standards is paramount for banks and other financial institutions. Failure to comply not only jeopardises sensitive information but also exposes institutions and their customers to increased risk. It is imperative for these organisations to prioritise and diligently maintain these standards to safeguard against potential threats and uphold trust within the financial ecosystem.
If you want your organisation to become PCI compliant in view of its new variant becoming operational now in 2024, get in touch with Cybernetic Global Intelligence, a certified PCI DSS QSA service provider.
To know more, contact us at 1300 292 376 or via email at email@example.com or visit our website https://www.cyberneticgi.com/.