With increasingly digital payment methods, financial institutions are working to protect consumer data. Financial crimes such as synthetic identity fraud have grown easier with the development of artificial intelligence (AI). AI allows for increasingly believable deepfakes, tricking financial institutions into giving cybercriminals access to sensitive data.
According to a report by Bluefin, 94% of security professionals have significant or very significant concerns pertaining to payment data security. The report finds that malware was the top-cited threat to payment data at 59%. Additional threats include phishing, insider threats, skimming and crypto-jacking. Ninety-eight percent of respondents admitted that they’d experienced at least one data breach over the past 24 months.
The Payment Card Industry Data Security Standards (PCI DSS) were recently updated with increased requirements for financial institutions. According to the report, 90% of respondents are concerned about meeting the March 2025 deadline, and 31% have a strong understanding of all of the requirements. Online/web payments were cited as the payment method most affected by PCI DSS guidelines, followed by call centers, in-store payments and invoices.
The new requirements are designed to address current payment security concerns. Some of the PCI DSS 4.0 requirements include:
- Developing cybersecurity methods for threats
- Performing targeted risk analysis
- Hardware, software and security reviews every 12 months
- Anti-malware updates
- Data storage security updates
- Maintaining and securing new payment technologies
According to the report, 86% of respondents say they will mostly or solely rely on third-party vendors to meet the requirements. The report found that respondents prioritized data security vendors who were knowledgeable of regulatory environments and PCI DSS compliance.
Despite compliance concerns, 80% of respondents agree or strongly agree that the updates are fair and necessary. While not required by law, the regulations are designed to guide financial institutions towards increased cybersecurity.
Read the full report here.