As Associate Director for India, Nitin Bhatnagar is responsible for driving awareness and adoption of PCI Security Standards in the country. Bhatnagar works closely with merchants, acquirers, financial institutions, security practitioners, law enforcement and other key stakeholders across the Indian payment ecosystem. Here he discusses payment security challenges and opportunities in India and the second annual PCI SSC India Forum planned for 9 December online
India witnessed dramatic increases in digital payments during the past two years while also witnessing a spike in cybercrime. What are your thoughts on improving payment security in India?
Nitin Bhatnagar: A less-cash society seems fast approaching, and that’s good news for India. Unfortunately, India has also witnessed a sharp rise in online payment cyberattacks, especially due to increase in the overall attack surface. There is an increase in the percentage of malware campaigns employing COVID-19 related attack vectors.
The road to stronger payment security involves global collaboration, organizations should start prioritizing data security as an important element to their day- to-day business activities. CFO/CXO’s investing in cyber security is equally important. Getting employees trained and improving on cyber hygiene will help organizations take steps in right direction. Becoming a PCI SSC Participating Organization (PO) can help better protect your organization from cybercrime by being part of a community of payment professionals. Being a PO, your organization will also have access to free and discounted training and regional events, making it a cost-effective way to invest in cybersecurity.
According to a study by Cybersecurity Ventures, cybercrime will cost companies across the world $6 trillion annually by 2021, up from $3 trillion in 2015. As the world is dealing with the pandemic and is stabilizing in the new normal, what are the unique challenges that India is facing to protect against critical cyber-attacks on transaction channels?
Nitin Bhatnagar: The payments industry in India faces the challenge of fintech providers adopting new and emerging technologies without fully considering security implications post-implementation. In a recent survey 61% of organizations in India lack structured cybersecurity training. While working remotely, more than 50 percent of cybersecurity professionals admitted that no cybersecurity training was provided by their organizations. According to study by DSCI, India needs one million cybersecurity professionals by 2020. India’s current qualified cybersecurity professionals count stands at around 100,000 cybersecurity professionals, a shortage of 900,000 professionals.
In India, contactless payments have been seeing a steady growth. What are the other new emerging technologies you are seeing be adopted?
Nitin Bhatnagar: That is fantastic news for the payment industry. Contactless payments methods will continue to evolve and are here to stay. Merchants should be using the solutions that are validated by PCI Recognized Labs on PCI CPoC standards to accept contactless payments using a smartphone or other commercial off-the-shelf (COTS) mobile devices with near-field communication (NFC). We will have an interesting case study presentation at PCI India Forum 2020 (9th Dec 2020) on PCI CPoC adoption by a leading Indian merchant that provides financing and last-mile retail transaction technology along with the PCI recognized Lab.
Completing two years as Associate Director, India what progress have you seen in the Indian market now (2020) compared to when (2018) you took up this role with PCI SSC ?
Nitin Bhatnagar: India is a very dynamic market and unique in the way innovations are changing the payment landscape. Make no mistake about it, India has advanced to the next level in payments in the past two years with the adoption of new payment technologies including contactless, UPI (Unified Payment Interface) and QR based payments. Fintech growth in India has seen the highest adoption rate globally. Increased adoption of the internet and improved digital infrastructure are driving the fintech market in India. However, the rising threat of cyber and data security threats is an ever increasing concern.
In my view, the top five accomplishments in the last two years are:
- Raising awareness around the importance of payment data security and adoption of the PCI Security Standards with a rigorous education campaign and stakeholder outreach.
- India is seeing a growing involvement in the PCI SSC with several new Participating Organizations in India and more in the process of joining.
- Increased organizational involvement with three Qualified Security Assessor (QSA) Companies represented on the Global Executive Assessor Roundtable (GEAR) from India (SISA, ControlCase and Panacea Infosec) and our Affiliate Member and BOA (NPCI) has been supportive of our mission in educating and creating awareness around PCI Standards.
- Substantial increase in the number of professionals trained as PCIPs which provides tools to help organizations build a secure payment environment and meaningful growth within our assessor community.
- We have witnessed the first few CPoC and SPoC Solutions listings from India, That shows the positive outlook towards the adoption of contactless payments in the country.
Why should stakeholder’s attend PCI India Forum this year? What is the value?
Nitin Bhatnagar: PCI India Forum this year will be unique in that it will be virtual. Speakers from a range of payment stakeholders including Regulators, Government, Assessors, PFIs, PCI Recognized Labs, and Affiliate Members all coming together to discuss payment security issues. This will make for unique and rich content for stakeholders to learn from as well as opportunities to interact with payment brands along with vendors and solution providers. This represents a great opportunity for your company to gain additional exposure, while raising your profile and positioning your company as a leader in payment security. We have opportunities for sponsorships and exhibiting at the PCI India Forum 2020.
Register today to reserve your seat! Registrations are complimentary.