BankThink

More Cooperation Is Necessary to Fight Payments Crime

This week's White House Summit on cybersecurity at Stanford University comes at a pivotal time for payment and security professionals, who have an opportunity to cooperate to fight Internet crime.

A number of executives from the payments industry will join President Obama and Cabinet officials at the event. It's rare that such heightened attention is spent cybersecurity — an issue that is critical to our nation's future.

It's not news to us that cybercriminals are tireless in their pursuit to hack and attack our personal information for their financial gain. We should view this as an opportunity to come together as a community across industry lines to share information to better protect merchants that are getting hammered by hackers on a daily basis.

What's at stake is apparent. Cybercrime costs the U.S. economy $100 billion per year, while the average data breach now cost organizations $3.5 million. This is an urgent issue. The time is now to increase merchant education and maintain vigilance against this persistent threat.

In addition to the cybersecurity summit, Congress is seeking to create legislation to better protect consumers, generate more avenues for information sharing and bolster law enforcement efforts.

We also know that in the months leading up to the EMV chip transition, hackers will increase their activity around card-present attacks. This summit provides the opportunity for us to discuss action plans and share information to better protect sensitive cardholder data.

We need to remain vigilant and make continuous security a priority over moment-in-time compliance.

It's disturbing to know that basic requirements of the PCI Data Security Standard, such as daily log monitoring or implementing strong passwords, are still not being implemented. The word “password” remains one of the most popular passwords. Moreover, it takes the average breached organization 229 days to detect an intrusion.

We must redouble our commitment to merchant education. It's why in a few weeks, the PCI Security Standards Council will launch a task force to better address small business security concerns; why we are refocusing our partnership with the acquiring community to help businesses more easily and effectively take advantage of the technologies out there that can simplify payment security; and why we'll continue to stand shoulder to shoulder with those across the ecosystem to develop the strongest standards, best practices and guidance for protecting payments now and in the future.

As we participate in the summit this week, we must view this collaboration for what it is — a good first step. Data security must be an ongoing and ever changing effort. Only cooperation and constant vigilance will get us ahead of future cyberattacks.

Stephen Orfei is general manager of the PCI Security Standards Council.

For reprint and licensing requests for this article, click here.
Bank technology Cyber security
MORE FROM AMERICAN BANKER