Financial sector prepares for new payment security guidelines

bymuratdeniz / iStock / Getty Images Plus via Getty Images

With increasingly digital payment methods, financial institutions are working to protect consumer data. Financial crimes such as synthetic identity fraud have grown easier with the development of artificial intelligence (AI). AI allows for increasingly believable deepfakes, tricking financial institutions into giving cybercriminals access to sensitive data.

According to a report by Bluefin, 94% of security professionals have significant or very significant concerns pertaining to payment data security. The report finds that malware was the top-cited threat to payment data at 59%. Additional threats include phishing, insider threats, skimming and crypto-jacking. Ninety-eight percent of respondents admitted that they’d experienced at least one data breach over the past 24 months.

The Payment Card Industry Data Security Standards (PCI DSS) were recently updated with increased requirements for financial institutions. According to the report, 90% of respondents are concerned about meeting the March 2025 deadline, and 31% have a strong understanding of all of the requirements. Online/web payments were cited as the payment method most affected by PCI DSS guidelines, followed by call centers, in-store payments and invoices.

The new requirements are designed to address current payment security concerns. Some of the PCI DSS 4.0 requirements include:

Developing cybersecurity methods for threats
Performing targeted risk analysis
Hardware, software and security reviews every 12 months
Anti-malware updates
Data storage security updates
Maintaining and securing new payment technologies

According to the report, 86% of respondents say they will mostly or solely rely on third-party vendors to meet the requirements. The report found that respondents prioritized data security vendors who were knowledgeable of regulatory environments and PCI DSS compliance.

Despite compliance concerns, 80% of respondents agree or strongly agree that the updates are fair and necessary. While not required by law, the regulations are designed to guide financial institutions towards increased cybersecurity.

Read the full report here.

Taelor Daugherty is the Associate Editor at Security magazine. Daugherty covers news affecting enterprise security leaders, from industry events to physical & cybersecurity threats and mitigation tactics. She is also responsible for coordinating and publishing web exclusives, multimedia content, social media posts, and a number of eMagazine departments. Daugherty graduated in 2022 with a BA in English Literature from Agnes Scott College.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.