Requirements related to PCI-DSS in India
By CA. Priyadarshan Behera
About PCI-DSS :
The Payment Card Industry Data Security Standard
(PCI DSS) is a widely accepted set of policies and
procedures intended to optimize the security of
credit, debit and cash card transactions and protect
cardholders against misuse of their personal
information. The Payment Card Industry Security
Standards Council (PCI SSC) was launched on
September 7, 2006 to manage the ongoing evolution
of the Payment Card Industry (PCI) security
standards with focus on improving payment account
security throughout the transaction process.
Key Players in PCI-DSS :
Often denoted as PCI-DSS, the Payment Card
Industry - Data Security Standard was developed by
major credit card companies as a guideline to help
organizations that process card payments combat
and prevent credit card fraud, hacking and various
security vulnerabilities as well as threats. The PCI
DSS was created jointly in 2004 by four major credit card companies: Visa, MasterCard, Discover and
Applicability of PCI :
PCI applies to ALL organizations or merchants, regardless of
size or number of transactions, that accept, transmit or
store any cardholder data. Said another way, if any customer
of that organization ever pays the merchant directly using a
credit card or debit card, then the PCI-DSS requirements
Requirements of PCI-DSS In India :
India is the second-most populous country, with over
1.27 billion people, and the most populous
democracy in the world, and e-payments through
cards are extensively used there for various transactions.
The transaction level of 45 million debit card
transactions for Rs 7,000 Cr in value p.m. and 19
million credit card transactions for Rs 12,000 Cr in
value p.m. shows that the card payment industry is
no longer as small as it was 5 years back.
India has emerged as the ransomware capital
of Asia Pacific, with 11% of the total victims
belonging to the country. The report, which was
released in October 2013, pointed out that
internet users too had adopted 'risky' habits
such as accessing bank accounts or shopping
online through public or unsecured Wi-Fi or
sharing passwords, which made them more
vulnerable to threats.
Statistics about the usage :
In sum, the size of the card payments market in India
is big and getting bigger day by day. As per the
Symantec Internet Security Threat Report
2013, the countries leading the charts in threats
pertaining to bank cards are the United States, China
and India, with India accounting for 6.5% of the total
targeted attacks in 2012. In sum, the incident level is
a matter of concern for our country. Since several
countries have taken different preventive steps, we
should guard ourselves against card fraud moving
into India, and we can’t ignore the fact that “Fraudsters
are a step ahead of Market”.
Frauds in India & its Involvement in Global Scam :
A man allegedly involved in the theft of the credit cards of
more than 30K customers of a private sector bank and in
making transactions worth crores of rupees finally
landed in the police net in 2013 in Delhi.
Glimpse of Card Frauds in India :
SBI lodges FIR in ATM frauds case - Patna.
Teacher loses Rs 14K in ATM fraud - Ambala.
E-banking fraud: 1.2L stolen from dentist’s account - Dadar.
Honcho loses Rs 19L in cyber fraud - New Delhi.
6 arrested for online fraud - Allahabad.
Man loses his July salary to card fraud in 25 mins - Mumbai.
Debit card racket with overseas link unearthed - Madurai.
International Credit Card Scam :
200 Million Dollar Credit Card Scam:
Five Indian-origin men were among 18 others charged for
running a whopping 200 million dollar global credit card
fraud under which they used thousands of fake identities to
dupe businesses and financial firms and wired millions of
dollars to Pakistan and India. These types of incidents
clearly depict how Indians are actively involved in various
frauds involving debit/credit cards. As a result, there is
high alarm in the banking, retail and other sectors using
online cards for processing their day-to-day transactions.
Telephone Card Payment in India :
There is a risk that organizations taking customer
payment card details over the telephone may be
recording the full cardholder details to comply with
various regulatory bodies, potentially exposing
cardholder data to unnecessary risk. With 66 percent
of Indian consumers using their personal mobile
device for both work and play, this creates entirely
new security risks for enterprises as cybercriminals
have the potential to access even more valuable
Considering the rapid growth of the card payment
markets & merchants in India, we will soon have to
adopt an additional factor of authentication for
card-present transactions in various terminals dealing with
Given the way frauds related to credit/debit cards are
spreading across various corners of India, it becomes
imperative for organisations to cover them under