Magazines Archives - 2012 July

PCI SSC to educate & build awareness of card-payment security in the region
Story 6 - Retail Technology

GLOBAL payments industry standards body, the Payment Card Industry Security Standards Council (PCI SSC), hosted the region's first Asia Pacific Town Hall Meeting last month, to bring organisations in the region up-to-speed on standard developments and initiatives in the industry.

PCI SSC's Bob Russo: "It's a good opportunity for people to interact with their peers in the region to find out specifically what they're doing in this region and verticals."

Over 240 participants from 126 organisations in 16 countries across the Asia-Pacific region turned up at the inaugural meeting, to network and learn more about the initiatives that the council has launched as well as standards "above and beyond" what the industry is familiar with.

Speaking with Retail Asia on the inaugural council meeting, PCI SSC's general manager, Bob Russo, said: "Singapore is a large financial hub, which is one of the reasons we've chosen to do it here. We haven't actually visited Singapore, in terms of trying to create awareness or to educate merchants here, and we find that its central location would allow us to draw more people from each of the regions to attend the meeting."

He disclosed that the format for the Asia-Pacific council meeting, which takes place twice a year outside the region, was opened to "anyone who's interested in PCI", unlike other council meetings that are open only to members.

"It's a good opportunity for people to interact with their peers in the region to find out specifically what they're doing in this region and verticals. The key message that we're trying to get across is that we are a global organisation and not just a US- or European-centric group. If you store, process or transmit credit cards anywhere in the world, you'll have to be compliant with these standards," Russo asserted.

Having recently launched the PCI Point-to-Point Encryption solution for secure mobile payment acceptance — a standard that ensures information received by merchants who accept credit cards on any device is encrypted so that data remains unreadable and irretrievable within the device — Russo observed that technology, particularly mobile technology in the Asia-Pacific region, is the way forward for the industry.

"It has been shown that the best defence against having a breach is the security standards that we put out. Asia is such a vast, growing market, especially with the introduction of mobile devices … So there will be many more merchants accepting credit cards through mobile devices here and we want to make sure we're here to educate the industry on not only the convenience of these devices, but the security of the devices as well," he added.

While there are different trends throughout the globe, Russo noted that "exploits for breaking in and getting this data are generally the same everywhere".

"This part of the world is a little bit different because of the mobile side and the very quick acceptance of mobile. So you have quite a number of merchants out there who have never accepted credit cards before and are not aware of the security issues and the things that must be protected when accepting credit cards, and that's one of the biggest reasons why we're here — to make sure that people are aware.

"At the same time, we want to find out if in fact there is anything specific that we need to know in terms of how businesses operate and the different exploits that we might be able to see here that we're not seeing anywhere else," he continued.

According to Russo, education and awareness remain the biggest challenges in the region, despite the possibility that merchants have already deployed a number of security measures as "it is just good business to do it that way".

"Most people want to be able to buy something or spend some money, and be done with it and not have to worry about it. Unfortunately, there's a combination of technology, people and the processes that they have to go through in order to protect this data as well … Once we pull that veil away, people will realise that this is something that they're already doing a good portion of, and it's there to protect them," he concluded.

To view other stories, get a copy of Retail Asia. To subscribe, please download the subscription form from http://www.retailasiaonline.com/subscription.html