PCI-DSS: The Asian Journey to ComplianceSISA Founder Shanthamurthy Says PCI Standards Are Embraced in Asia, Middle East Markets
The adoption of the Payment Card Industry Data Security Standard has picked up substantially over the past five years in India and the Middle East, says Dharshan Shanthamurthy, founder and CEO at payment security specialist firm SISA Information Security. And the financial industry, not surprisingly, was the first in these markets to embrace PCI.
"Starting with the Saudi Arabian regulatory body, the Saudi Arabian Monetary Authority, many other countries in the Gulf and the Reserve Bank of India have made PCI DSS mandatory," Shanthamurthy says in this interview with Information Security Media Group. "For any organization, and their third parties dealing with payment cards, PCI has become a contractual obligation - a de facto industry standard." (See PCI-DSS: Building Global Acceptance.)
Keeping Standard Updated
Shanthamurthy says the PCI Council "has done a great job of keeping the standard up to date and connected with industry requirements in a very nimble manner, while staying attentive to feedback. The latest version of the standard remains very relevant to the current fraud and security landscape."
As the U.S. finally moves forward with EMV adoption, experts anticipate a global shift in card fraud (see Global Card Fraud to Rise?). Some shifts are already evident, Shanthamurthy says, evidenced by an ever-increasing number of fraud and breach cases in the Asian market.
Shanthamurthy's expects the next iteration of PCI-DSS will include more details on mobile payments. "While the council is aware of this need, there are some restrictions that need to be addressed, and I am hopeful that there would be more guidance or controls around this in the future," he says (see The Future of PCI).
During this interview (see audio link below photograph), Shanthamurthy also discusses:
- The PCI-DSS journey and its popularity in the region;
- The role regulators have played in PCI adoption; and
- Expectations for future standards in the Asia-Pacific region.
Shanthamurthy is a thought leader in payments security and has been associated with PCI standards since the inception of the PCI-DSS. He was instrumental in helping the PCI Council publish risk assessment guidelines and has worked with more than 1,000 organizations, ranging from startups to Fortune 500 companies, to help then maintain cybersecurity. He is also the author of the payment security implementation program called the CPISI, which comprises more than 5,000 professionals.