Write a presentation based on my paper with business and technical explanation
The Digital Payment and Financial Technology Industry are presently navigating through
persistent grueling waves of cybercrimes. It should come as no surprise that businesses are under
constant pressure to improve and strengthen their security programs because data security and
privacy are currently the top priorities in the digital world. With figures revealing almost 48% –
49% of customers utilize digital channels for banking, it demonstrates the rising dependence on
Fintech businesses (Rahaman, Wang & Yao, 2021). Being PCI Compliant is a component of
adhering to industry best practices for any business that processes credit card payments online.
This holds for service providers, payment processors, and online retailers. PCI compliant means
that all credit card payments are securely stored, handled, and transmitted. Building a secure
system is essential given the rising number of credit card frauds worldwide.
How Payment Card Industry (PCI) compliance can assist with the transition from
traditional to digital payments
PCI is a collection of international security standards to ensure that all organizations
engaged in receiving, storing, processing, or transferring credit card information maintain a safe
environment. Anyone who accepts credit card payments must follow the rules and specifications
created by the PCI Standards Council. They lessen the possibility of compromised client data
and the cascading effects that follow by establishing compliance guidelines. Without these rules,
consumer credit card information is freely accessible and may be used for unauthorized
transactions or identity theft (Sihotang et al., 2018). Companies must assess their infrastructure,
payment handling policies, and operational procedures to ensure PCI compliance. Even though
obtaining PCI compliance may appear challenging, not doing so might negatively affect your
business and customers.
When transitioning from traditional to digital payments, PCI compliance can assist
businesses in integrating gateways, capabilities, and processes by following the core of its
security standards. Some of these guidelines include the following:
a) Prevent unauthorized logical access
Companies adopting digital payments should secure mobile devices and applications
against unauthorized logical access. They should include design elements that deter third-party
usage. In this case, secure elements such as “Biometric8,” “Patterns,” “Password,” or “PIN”
should be included in the design. They should also include a function that, after a certain period,
makes the user re-authenticate to the device. Since “Slide” does not increase security, they
shouldn’t depend on it.
b) Create server-side controls
Companies transitioning from traditional to digital payments should create an acceptable
payment solution that includes functions for reporting third-party access attempts and
discontinuing access. Some examples of controls include the capability to monitor events,
discriminate between normal and abnormal occurrences, and report events; however, there are
many more controls that businesses can choose from.
c) Prevent escalation of privileges
There must be measures on the device to prevent privilege escalation from occurring (e.g.,
group or root privileges). Bypassing permissions might make questionable security decisions,
increasing the number of possible entry points for attackers. As a result, the device should be
tracked for activities that get around the operating system’s security, such as jailbreaking or
rooting. In other words, the device should be put into a state of security risk. Offline jailbreak
and automatic quarantine are both essential features, given that some attackers may attempt to
conceal their activities by putting the device in an offline mode (Industry, 2018). Application
hardening is a strategy that can also be used to prevent privilege escalation on a mobile device.
d) Harden the application
The mobile payment application must be improved to reduce the number of potential
entry points for attackers (Susanto & Almunawar, 2018). Apps that handle mobile payments
need to be improved so that they are more resistant to illegal logical access and other methods of
app manipulation, such as code injection and reverse engineering. Therefore, PCI DSS
compliance is obligatory for every program used to assist the mobile payment-acceptance
e) Conform to secure engineering, coding, and testing
Payment applications should adhere to secure coding, testing procedures, and engineering
such as those described in the PA-DSS. Developers should know all PCI requirements and best
practices to ensure safe coding. The training should address how to avoid common code defects,
such as injection flaws, inappropriate error handling, unsafe cryptographic storage, buffer
overflow, unsecure communications, and improper access control.
Many firms in today’s market have shifted their focus from the provision of physical
products to the provision of digital ones to take advantage of the benefits offered by e-commerce.
However, there is always the possibility of a costly data breach. Because of this, it is becoming
more important for companies to ensure the safety of any payment cards, customer identification
information, and user account information stored in their systems. Trust is the single most critical
component of a successful client relationship, especially when sharing financial information
through any online payment system. PCI is a severe regulation for payment processing that
protects both consumers and corporations. All companies that deal in processing payments must
comply with the PCI standards to safeguard cardholders’ information.
Industry, P. C. (2018). Data Security Standard: Requirements and security assessment
procedures. Version 3.2, 1.
Rahaman, S., Wang, G., & Yao, D. (2021, November). Security certification in payment card
industry: Testbeds, measurements, and recommendations. In Proceedings of the 2019
ACM SIGSAC Conference on Computer and Communications Security (pp. 481-498).
Sihotang, R. A. A., Soetomo, M., Amin, A., & Ipung, H. P. (2018). Remote Access for Payment
Card Industry Data Security Standard (PCI DSS) Compliance in PT “A” 2017 (Doctoral
dissertation, Swiss German University).
Susanto, H., & Almunawar, M. N. (2018). Information security management systems: A novel
framework and software as a tool for compliance with information security standards.
Apple Academic Press.
Purchase answer to see full