Ensuring Security by Design in Payment Card Transactions
PCI SSC's Jeremy King Discusses Collaboration with RBI and NPCI in Building Standards
As India continues its move to a cashless economy, the PCI Security Standards Council is collaborating with the Reserve Bank of India and the National Payments Corp. of India to roll out new software-based design standards for protecting cardholder data against new threats, says Jeremy King, PCI SSC's international director.
"NPCI has joined as an affiliate member of the PCI SSC," King notes in an interview with Information Security Media Group. As a result, NPCI staff can participate in PCI SSC's technical working group and be involved in the development of new standards, he explains.
Later this year, the new security-by-design effort will expand throughout the payments industry in the region as organizations open up new channels of payment transactions and the RBI sets the deadline for banks to move to EMV-based chip-and-PIN transactions, King says.
"The new standards will drive the development of secure software-based PIN entry solutions that these merchants can use for EMV contact and contactless transactions on smartphones and other commercial off-the-shelf devices," he says.
"The software enables merchants' or card holders' consumer device to transact using a secure PIN entry application in combination with a secure card reader for PIN," he says. "Thus, merchants can accept payments with just their mobile device and a small, cost-efficient card reader connected to it along with a secure PIN entry application."
In the interview, King also offers insights on:
- How dynamic authentication is used to secure third-party transactions;
- Improved authentication methods in the payment card industry;
- Tackling the challenges of the dark web.
King leads the PCI Security Standards Council's efforts to increase international adoption and awareness of the PCI Security Standards. His chief responsibilities include gathering feedback from the merchant and vendor community, coordinating research and analysis of PCI SSC-managed standards through all international markets, and driving education efforts and council membership recruitment. He also serves as a resource for approved scanning vendors, qualified security assessors, internal security assessors, PCI forensic investigators and related staff in supporting regional training, certification and testing programs.