International standards should be made mandatory for the payment card industry given rising cyberthreats, a security specialist said.
Nitin Bhatnagar, associate vice-president at Sisa Information Security, claimed that the Philippines’ payment infrastructure was vulnerable to cyberattacks “because of the ineffective implementation of payment security standards such as PCI-DSS (Payment Card Industry Data Security Standard).”
Cyberthreats are “going to get worse” given the growing adoption of digital payment systems, he told The Manila Times.
“Breach[es] can happen to any payment environment including a bank, e-commerce or retail merchants,” he said.
The Philippines, Bhatnagar said, currently has 76 million debit and prepaid users and 8.5 million credit cardholders — an attractive number for cybercriminals looking for targets.
“Smart phones and credit card usage without PIN (personal identification number) are fraught with risks and we have to tackle it. Industry has to wake up and should do what is required to be done,” he said.
“[W]e would urge the regulators to make payment security standards mandatory for all banks, merchants and IT/BPO organizations,” he added.
Bhatnagar welcomed government proposals to impose life imprisonment and a fine of up to P5 million for automated teller machine (ATM) hackers, noting a 250-percent surge in ATM fraud cases to P600 million in 2016 from P175 million in 2012.
The private sector, however, also needs to step up as this “will also help [the government] to formulate a roadmap for such incidents and it would be useful for others to follow so that they don’t fall victim.”
Government initiatives, he added, could extend to the listing of verified information security firms for companies wanting to get help in resolving cybersecurity issues.
“Securing [data] has to be an ongoing activity and government should allocate sufficient fund for improving [the country’s] cybersecurity posture,” he said.