Requirement of PCI DSS in India.


Published in: Economy & Finance, Business
  • Cardholders - persons who are authorized to use credit cards for the payment of goods and services.
  • Merchants - Entities which agree to accept credit cards for payment of goods and services.
  • Source: Workshop on card frauds organized by NIBM, Pune.
  • An analysis reveals that cash withdrawal at the 1,20,000 ATMs in the country is as high as Rs.7000 Cr a day.

    1. Requirements related to PCI-DSS in India. By CA. Priyadarshan Behera
    2. About PCI-DSS: The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to optimize the security of credit, debit and cash card transactions and to protect cardholders against misuse of their personal information. The Payment Card Industry Security Standards Council (PCI SSC) was launched on September 7, 2006 to manage the ongoing evolution of the Payment Card Industry (PCI) security standards, with a focus on improving payment account security throughout the transaction process.
    3. Key Players in PCI-DSS: Often denoted as PCI-DSS, the Payment Card Industry Data Security Standard was developed by major credit card companies as a guideline to help organizations that process card payments combat and prevent credit card fraud, hacking and various security vulnerabilities and threats. The PCI DSS was created jointly in 2004 by four major credit card companies: Visa, MasterCard, Discover and American Express.
    4. Applicability of PCI: PCI applies to ALL organizations or merchants, regardless of size or number of transactions, that accept, transmit or store any cardholder data. Said another way, if any customer of that organization ever pays the merchant directly using a credit card or debit card, then the PCI-DSS requirements apply.
    5. Requirements of PCI-DSS in India: India is the second-most populous country, with over 1.27 billion people, and the most populous democracy in the world, and e-payments through cards are extensively used there for various transactions. The transaction level of 45 million debit card transactions for Rs 7,000 Cr in value p.m. and 19 million credit card transactions for Rs 12,000 Cr in value p.m. shows that the card payment industry is no longer as small as it was 5 years back. (Continues...)
    6. (Continued) India has emerged as the ransomware capital of Asia Pacific, with 11% of the total victims belonging to the country. The report, which was released in October 2013, pointed out that internet users had also adopted 'risky' habits, such as accessing bank accounts or shopping online through public or unsecured Wi-Fi or sharing passwords, that made them more vulnerable to threats.
    7. Statistics about the usage: [Bar chart, values in millions: Debit Card (336M), ATMs (0.12M), Credit Card (19M), POS Terminals (0.9M)]
    8. In sum, the size of the card payments market in India is big and getting bigger day by day. As per the Symantec Internet Security Threat Report 2013, the countries leading the charts in threats pertaining to bank cards are the United States, China and India, with India accounting for 6.5% of the total targeted attacks in 2012. The incident level is a matter of concern for our country. Since several countries have taken different preventive steps, we should guard ourselves against card fraud moving into India, and we can't ignore the fact that “Fraudsters are a step ahead of Market”.
    9. Frauds in India & its Involvement in Global Scam: A man allegedly involved in the theft of the credit cards of more than 30K customers of a private sector bank, and in making transactions worth crores of rupees, finally landed in the police net in 2013 in Delhi. Glimpse of Card Frauds in India: SBI lodges FIR in ATM frauds case - Patna. Teacher loses Rs 14K in ATM fraud - Ambala. E-banking fraud: 1.2L stolen from dentist's account - Dadar. Honcho loses Rs 19L in cyber fraud - New Delhi. 6 arrested for online fraud - Allahabad. Man loses his July salary to card fraud in 25 mins - Mumbai. Debit card racket with overseas link unearthed - Madurai.
    10. International Credit Card Scam: 200 Million Dollar Credit Card Scam: Five Indian-origin men were among 18 others charged for running a whopping 200 million dollar global credit card fraud, under which they used thousands of fake identities to dupe businesses and financial firms and wired millions of dollars to Pakistan and India. These types of incidents clearly depict how Indians are actively involved in various frauds involving debit/credit cards. As a result, there is high alarm in the banking, retail and other sectors using online cards for processing their day-to-day transactions.
    11. Telephone Card Payment in India: There is a risk that organizations taking customer payment card details over the telephone may be recording the full cardholder details to comply with various regulatory bodies, potentially exposing cardholder data to unnecessary risk. With 66 percent of Indian consumers using their personal mobile device for both work and play, this creates entirely new security risks for enterprises, as cybercriminals have the potential to access even more valuable information.
    12. Conclusion: Considering the rapid growth of the card payment markets and merchants in India, we will soon have to adopt an additional factor of authentication for card-present transactions at the various terminals dealing with debit/credit cards. Given the way frauds related to credit/debit cards are spreading across various corners of India, it becomes imperative for organisations to be covered under PCI-DSS.