The payments sector is constantly under pressure when it comes to cybersecurity, given the sensitive and valuable data it handles on a daily basis. This industry has had to adapt quickly in order to stay ahead of cyber threats, with many experts pointing to its collaborative approach as a model for other industries to follow.
At the forefront of cybersecurity efforts in the payments sector is the PCI Security Standards Council (PCI SSC), a global organization that brings together stakeholders to promote best practices in data security. One of the key initiatives of the PCI SSC is the Payment Card Industry Data Security Standard (PCI DSS), which sets out guidelines and requirements for businesses that handle payment card information.
Since its inception in 2004, the PCI DSS has gone through several updates to address evolving threats and technologies. The most recent version, 4.0, was released in March 2022 and introduced new requirements such as implementing multi-factor authentication for access into cardholder data environments and addressing API security considerations. This new version will be enforced starting March 31, 2024.
In January 2024, the PCI SSC announced the appointment of Gina Gobeyn as its new executive director, making her the first woman to hold this role. With almost two decades of experience in the industry, Gobeyn’s main focus will be on overseeing compliance with the new PCI DSS version.
In a recent interview with Infosecurity Magazine, Gobeyn highlighted the unique cybersecurity challenges faced by the payments industry, including emerging technologies like AI and biometrics, as well as the increasing risk of malware and ransomware attacks. She emphasized the importance of collaboration in addressing these challenges and shared her priorities for her new role at the PCI SSC.
Looking ahead, Gobeyn emphasized the importance of continued collaboration within the industry and the need to stay vigilant against cyber threats. She also stressed the role of the PCI SSC in educating the marketplace on best practices for protecting payment data.
In conclusion, Gobeyn’s advice to fellow cybersecurity leaders is to engage in collaborative efforts with industry stakeholders and to join programs like the Participating Organization program to contribute to the global community’s efforts in securing payment data. With a focus on collaboration and staying ahead of evolving threats, the payments sector continues to lead the way in cybersecurity practices.