Cashless payments are growing rapidly in Asia-Pacific and so is cybercrime, costing the region an estimated $US 81 billion.

With new combinations of malware customised for local markets, phishing and social engineering attacks as well increasing e-commerce and ATM fraud, businesses are increasingly at risk for payment data theft, according to the PCI Security Standards Council.

Singapore’s cards and payments market is one of the most competitive and attractive in the Asia-Pacific region. Already, 69 per cent of consumer spending in Singapore is made through electronic payments.

It’s against this backdrop that global payment and cybersecurity experts met at the PCI Asia-Pacific Community Meeting in Singapore to collaborate on helping businesses prevent, detect and respond to cyberattacks that can lead to payment data breaches and fraud.

“We simply must work together to advance payment security,” PCI Security Standards Council (PCI SSC) international director Jeremy King told attendees.  

“New technologies are driving adoption of cashless, mobile and digital commerce in Singapore and the Asia-Pacific region, and it’s critical that we ensure consumers remain confident in the security of their financial information with every payment transaction. As payments evolve, businesses must prioritise data protection with robust security standards and practices.”

The PCI SSC has reinforced its mission to foster secure transactions globally and emphasised that as new cyber threats emerge, and advances in technology change the way payments are conducted, PCI Standards will evolve to protect the next generation of payments. Regional and industry experts speaking at the event included representatives from the PCI Security Standards Council, Interpol, Verizon, Diners Club Singapore, Foregenix, Beijing Information Technology and Pen Test Partners.

Presentations and discussions addressed a mix of regional and global topics ranging from new threats via the Internet of Things; cybersecurity trends in Asia-Pacific; Point-to-Point Encryption for protecting payment data throughout the entire processing environment; preventing skimming at ATMs and the future of mobile and digital commerce.

PCI SSC GM Stephen Orfei said the Asia-Pacific region has made tremendous advances in payment security in the past decade.  

“More and more companies in the region are making cybersecurity a top priority.  With the rapid growth in mobile payments, now, more than ever, we must join forces to devalue payment data and make it useless to criminals.  It is very encouraging to see industry and public-private partnerships in Asia-Pacific working together to address the ever expanding cyber threats from around the world.”

The PCI Security Standards Council is a global forum that is responsible for the development, management, education, and awareness of the PCI Data Security Standard (PCI DSS) and other standards that increase payment data security.

Key focus areas at the PCI Asia Pacific Community Meeting included:

• Devaluing data with point-to-point encryption: More and more solution providers in Asia-Pacific are encouraged to adopt the PCI Point-to-Point Encryption (P2PE) Standard to provide solutions that devalue data and simplify security and PCI DSS compliance efforts for businesses.

• Simplifying security for small merchants: The PCI SSC Small Merchant Task Force urged banks, technology providers and security assessors with small business customers to adopt and disseminate newly published PCI Payment Protection Resources for Small Merchants.

• Improving security of online and mobile payments with stronger authentication: PCI SSC chief technology officer Troy Leach discussed the newly released device standards (PTS POI v5 and HSM v3) that support online and mobile payment security. PCI SSC is collaborating with EMVCo to support 3-D Secure 2.0 (3DS 2.0), which provides a way for consumers to directly authenticate their card with the card issuer when shopping online.