Financial sector prepares for new payment security guidelines

bymuratdeniz / iStock / Getty Images Plus via Getty Images

With increasingly digital payment methods, financial institutions are working to protect consumer data. Financial crimes such as synthetic identity fraud have grown easier with the development of artificial intelligence (AI). AI allows for increasingly believable deepfakes, tricking financial institutions into giving cybercriminals access to sensitive data.

According to a report by Bluefin, 94% of security professionals have significant or very significant concerns pertaining to payment data security. The report finds that malware was the top-cited threat to payment data at 59%. Additional threats include phishing, insider threats, skimming and crypto-jacking. Ninety-eight percent of respondents admitted that they’d experienced at least one data breach over the past 24 months.

The Payment Card Industry Data Security Standards (PCI DSS) were recently updated with increased requirements for financial institutions. According to the report, 90% of respondents are concerned about meeting the March 2025 deadline, and 31% have a strong understanding of all of the requirements. Online/web payments were cited as the payment method most affected by PCI DSS guidelines, followed by call centers, in-store payments and invoices.

The new requirements are designed to address current payment security concerns. Some of the PCI DSS 4.0 requirements include:

Developing cybersecurity methods for threats
Performing targeted risk analysis
Hardware, software and security reviews every 12 months
Anti-malware updates
Data storage security updates
Maintaining and securing new payment technologies

According to the report, 86% of respondents say they will mostly or solely rely on third-party vendors to meet the requirements. The report found that respondents prioritized data security vendors who were knowledgeable of regulatory environments and PCI DSS compliance.

Despite compliance concerns, 80% of respondents agree or strongly agree that the updates are fair and necessary. While not required by law, the regulations are designed to guide financial institutions towards increased cybersecurity.

Read the full report here.

Taelor Daugherty is the Assistant Editor at Security magazine. Daugherty covers news affecting enterprise security leaders, from industry events to physical & cybersecurity threats and mitigation tactics. She is also responsible for coordinating and publishing web exclusives, multimedia content, social media posts, and a number of eMagazine departments. Daugherty graduated in 2022 with a BA in English Literature from Agnes Scott College.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.