PCI Launches Payment Card Cybersecurity Effort in the Middle East
The Payment Card Industry (PCI) Security Standards Council plans to extend its role to the Middle East, as the volume of card-based payments continues to climb in the region and, along with it, payment-card fraud.
In April, the PCI SSC assigned a regional director to the Middle East to work with regulators, banking and financial institutions, and service providers on initiatives to improve the security of card transactions. The move comes as the volume of global card fraud is expected to hit $36 billion in 2024, up from $28 billion in 2020, although the share of fraud compared to transaction volume will shrink slightly, to 6.5 cents per $100, according to the annual “Nilson Report” released in December.
The PCI SSC plans to work closely with any organization that handles payments within the Middle East payment ecosystem, with a focus on security, says Nitin Bhatnagar, PCI Security Standards Council regional director for India and South Asia, who will now also oversee efforts in the Middle East.
“Cyberattacks and data breaches on payment infrastructure are a global problem,” he says. “Threats such as malware, ransomware, and phishing attempts continue to increase the risk of security breaches. Overall, there is a need for a mindset change.”
The push comes as the payment industry itself faces significant changes, with alternatives to traditional payment cards taking off, and as financial fraud has grown in the Middle East.
Through 2027, the payments industry will likely grow at an annual rate of 6.2% — a healthy pace, albeit lower than the 8.3% growth rate of the past five years, according to a September 2023 report published by the Boston Consulting Group. While card-based financial transactions continue to dominate, accounting for more than $30 trillion in point-of-sale and e-commerce transactions in 2023, alternate payment methods are taking off, totaling more than $11 trillion in 2023 and growing at twice the rate of card-based payments, according to BCG’s Global Payments Model.
Currently, there are more than 5,000 fintechs globally that account for $100 billion in revenue, a number set to grow to $520 billion by 2030, according to BCG.
Digital Wallets, Not Plastic Cards
The Middle East is one region where the changes are most pronounced. Middle East consumers prefer digital wallets to cards, 60% to 27%, as their most preferred method of payment, while consumers in the Asia-Pacific region slightly prefer cards, 43% to 38%, according to an August 2021 report by consultancy McKinsey & Company.
Cybercriminals follow these shifts as well, and that worries businesses in the region. Seven out of every 10 businesses executives in the United Arab Emirates, for example, believe financial crimes risks will worsen in the next 12 months, essentially the same as US executives, according to the “2023 Fraud and Financial Crime Report” published by consultancy Kroll.
The PCI Security Standards Council plans to adapt to the digital landscape, and in November 2022 introduced a mobile payments standard, PCI Mobile Payments on COTS (MPoC), which provides a standard for development of mobile-app-based payments.
“Emerging technologies and innovation are reshaping our industry, along with the rise in popularity of mobile payments and contactless transactions,” Bhatnagar says. “Organizations need to become aware of security risks and take them seriously, because the criminals take it seriously — their sole objective is to break into an organization and steal data and monetize it.”
Cybersecurity Education & Technology
Preventing payments fraud has become a priority in the Middle East and Africa (MEA) region, as efforts to improve financial inclusion have led to more mobile payment and digital bank accounts.
The open source Tazama Project, for example, is building an antifraud platform for banks and governments to allow them to use data on account holders and transactions to detect likely fraud. Meanwhile, Network International, a digital commerce platform in the Middle East and Africa, adopted Mastercard’s AI-powered fraud-prevention solution to reduce fraud in digital transactions.
“Organizations should start prioritizing data security as an important element in their day-to-day business activities,” Bhatnagar says. “Investing in cybersecurity is equally important. Getting employees trained and improving on cyber hygiene will help organizations take steps in the right direction.”
Technologies like generative AI could both help and hurt payment security. While cybercriminals are increasingly using the technology to part consumers from their cash, businesses are able to use the technology to catch more fraud schemes. Currently, two-thirds of executives (64%) plan to invest in antifraud technology and more than half (56%) plan to increase their cybersecurity budget to deal with the risk, according to consultancy Kroll.