Custodians of the cyber frontier: Charting a course through data security wilderness

Visa Head of Risk for India and South Asia Vipin Suralia

PCI Security Standard Council South Asia and MEA Regional Director 

Nitin Bhatnagar

 From left: Visa Head of Risk for India and South Asia Vipin Suralia, PCI Security Standard Council South Asia and MEA Regional Director Nitin Bhatnagar, CBSL Payments and Settlements Department Director K.V.K. Alwis, LankaPay Chief Information Security Officer Chamath Algawatta, WEBXPAY Founder/CEO Omar Sahib and Moderator CICRA Holdings Group Director/CEO Boshan Dayaratne 

By Hiyal Biyagamage

In the contemporary world, the role of data security has evolved to become the guardian of our digital realm, a sentinel entrusted with protecting the lifeblood of our interconnected society. The digital landscape, in all its complexity and grandeur, has transformed the way we live, work, and communicate. It has revolutionised industries, connected global communities, and offered unprecedented convenience. Yet, this new frontier has also given rise to unprecedented challenges, with data breaches, cyber attacks, and digital vulnerabilities becoming commonplace.

During the first session of the Daily FT-CICRA Cyber Security Summit, regional cyber security experts explore the significance of data security as the guardian of the digital realm and the imperative of navigating this intricate landscape.

Growth of digital payments

Delivering the keynote speech, Head of Risk Services, India and South Asia for Visa, Vipin Suralia said the digital realm, defined by the omnipresence of data, is now a central aspect of our existence. From the personal information we share on social media to the sensitive data stored by businesses and governments, our lives are increasingly intertwined with the digital domain.

“Several key pillars are driving the growth of digital payments. One is, of course, adoption by you. You all love digital payments because they allow you to do transactions anytime. If there is any emergency, you can transfer your money back home. Imagine 30 years back, when I joined this industry, there was no single scheme in the world except for schemes which could be used to do real-time transactions. We had to rely on cheques,” said Suralia.

According to Suralia, in today’s world, the digital realm is where society’s interactions, transactions, and relationships are increasingly conducted. This digital transformation, accelerated by the global pandemic, has made the exchange of data and information an integral part of daily life.

“Financial transactions are no exception, with electronic payments becoming the norm. As the guardians of the digital realm, data security is a fundamental concern. Visa, as a global leader in payment technology, plays a pivotal role in ensuring the security of these transactions.”

Suralia described four key trends which are shaping the future of the payment industry.

“If you look at it from the perspective of what is happening today, there are four key trends that I would like to talk about. One is the changes happening because of artificial intelligence and the bold technology disruption because of computing power. The second is because now technology is available that can generate more data, and also technologies, tools and processes that some of you have creatively introduced to harness that data. So what’s happening is a cycle. More data is produced, more data is shared and more data exchanged.”

“The third trend is partnerships. We can’t do everything alone; we rely on issuers and acquirers, and when we evolve, we need solid partnerships to build competencies. Finally, there is this whole journey of the decentralised ledger technologies that have emerged, which is around the crypto and the blockchains. The idea was to create a peer-to-peer trust, which it was supposed to create in place of a central authority that monitors. But there are blockchains which are not so good on this side. These are the four major industry trends we are seeing, driving the digital change,” Suralia explained.

Furthermore, he added, “One of the paramount reasons data security is the sentinel of our digital realm lies in the relentless growth of cyber threats. Cyber attacks have transcended traditional notions of security and now pose multifaceted challenges, ranging from state-sponsored espionage and organised crime to lone-wolf hackers seeking personal gain. Data breaches, ransomware attacks, and identity theft are common manifestations of this ongoing battle. Borders do not confine these threats; they span the globe, targeting individuals, businesses, and governments. The guardian of the digital realm must adapt to this evolving landscape, defending against these threats while remaining vigilant for new forms of attack.”

Setting a strategic direction

Visa’s risk services are committed to protecting the integrity of digital payments and the data that underpins them, said Suralia.

“We continuously work to thwart cyber threats, fraud, and unauthorised access to sensitive information. This involves the development and implementation of advanced security protocols and the monitoring of billions of transactions every year. Visa is committed to setting the strategic direction for risk management, ensuring compliance of our partners and stakeholders, and fostering a culture of security within our organisation. It also involves collaborating with industry partners, financial institutions, and regulatory bodies to establish robust cybersecurity standards.”

He said rapidly adopting emerging technologies like IoT, AI, and blockchain add complexity to the landscape. While these technologies offer innovative solutions, they also introduce new vectors for potential threats. The interconnectivity of these technologies poses unique challenges, making data security a multidimensional endeavour.

Navigating the intricate landscape of data security

In navigating the intricate data security landscape, Suralia said several key imperatives come to the fore. Firstly, organisations and individuals must acknowledge that cybersecurity is not solely for IT departments or government agencies; it is a shared responsibility.

“Every individual interacting with the digital realm must be aware of their role in safeguarding data. For organisations, robust cybersecurity measures, incident response plans, and compliance with regulatory standards are essential components. Moreover, ongoing education and training are necessary to empower employees and users with the knowledge to protect themselves and the data they handle.”

Collaboration is another critical element in data security, according to Suralia. The interconnected nature of the digital realm necessitates cooperation among organisations, industries, and nations. Threat intelligence sharing and coordinated responses to cyber threats are essential in safeguarding the digital realm. 

“The role of emerging technologies, such as AI and blockchain, cannot be overlooked in this context. These technologies offer innovative solutions to fortify data security. AI can enhance threat detection and response, while blockchain has the potential to revolutionise data protection through decentralised and tamper-proof ledgers,” Suarlia said in conclusion.

Navigating the ever-changing landscape of PCI compliance

Delivering the guest speech, Regional Director, South Asia and MEA for PCI Security Standard Council, Nitin Bhatnagar gave a comprehensive introduction to PCI. He helped the participants explore the significance of PCI compliance, its challenges, and the strategies necessary to navigate this evolving landscape successfully.

“The Payment Card Industry Data Security Standard (PCI DSS) is the cornerstone of safeguarding sensitive payment card data in today’s digital age. As businesses and consumers continue to rely on electronic transactions, the security of this data has become paramount. Navigating the ever-changing landscape of PCI compliance is not just a regulatory requirement but a strategic imperative.”

PCI compliance is a set of security standards to protect payment card data from theft or unauthorised access. This data includes cardholder information, credit and debit card numbers, cardholder names, and card verification codes. The stakes are high, as a breach of this information can lead to financial losses, reputational damage, and legal consequences. The PCI DSS provides a framework for organisations to secure this data through a series of requirements and best practices.

“In an era marked by the relentless growth of digital payments, PCI compliance holds paramount significance. It is not merely a regulatory box to check but a crucial element in cybersecurity. Payment card data remains a top target for cybercriminals, who employ sophisticated tactics to exploit vulnerabilities and gain unauthorised access. Businesses that fail to uphold PCI compliance may inadvertently become a weak link in the payment card ecosystem, jeopardising the security and trust of the entire payment card industry.”

A formidable challenge

Navigating the landscape of PCI compliance is a formidable challenge in the ever-evolving digital world, said Bhatnagar. He said the dynamic nature of this environment introduces several complexities that businesses and organisations must contend with.

“First, the constantly evolving threat landscape presents an ongoing battle against emerging cyber threats, necessitating vigilant adaptation to meet PCI DSS requirements and stay ahead of these evolving tactics. Second, the intricate payment ecosystem involves multiple stakeholders, from merchants and service providers to acquirers and issuers. Coordinating the compliance efforts of these diverse parties can be a complex endeavour.”

“Furthermore, determining the scope of PCI compliance within an organisation is another challenge. This involves identifying and safeguarding all systems and processes interacting with payment card data, which may extend beyond traditional payment channels. Lastly, resource constraints, particularly affecting small businesses, can hinder achieving and maintaining compliance. The cost and specialised expertise required may present challenges in upholding the necessary standards. In this landscape, organisations must devise comprehensive strategies to counter these challenges effectively while preserving the security of payment card data,” said Bhatnagar.

Concluding his speech, Bhatnagar said successful navigation of the ever-changing landscape of PCI compliance hinges on a strategic approach. To effectively uphold compliance, he said organisations should employ several vital strategies.

“Continuous monitoring is essential to keep pace with the evolving threat landscape as cyber threats are dynamic. Education and training programs are crucial in raising awareness among all employees, empowering them to protect payment card data. Regular risk assessments help identify vulnerabilities and weaknesses in the payment card ecosystem, necessitating the development of strategies to mitigate these risks. Staying updated on changes to PCI DSS requirements is imperative, as it ensures that compliance measures are adapted accordingly, involving updates to security protocols, technologies, and policies.”

“Collaboration is also vital, as organisations should work closely with all stakeholders in the payment card ecosystem, including payment processors, vendors, and service providers, to ensure that all parties are aligned and compliant. These strategies collectively form a comprehensive approach on navigating the complex terrain of PCI compliance while upholding the security of payment card data,” said Bhatnagar.

The two speeches were followed by a panel discussion moderated by  Group Director/CEO at CICRA Holdings, Boshan Dayaratne. It had the Central Bank of Sri Lanka, Director Payments and Settlements Department, K.V.K. Alwis, LankaPay Chief Information Security Officer  Chamath Alagawatta, and Founder and CEO at WEBXPAY, Omar Sahib.

The CEOs Cyber Security Forum was followed by a full-day summit which focused on three critical areas: Payment Card Industry Data Protection, Cloud Security, and Zero Trust.  

Strategic partners of the summit were Visa and Huawei. The official Payment Network was LankaPay, official finance company partner was People’s Leasing and Finance PLC, knowledge partners were PCI Security Standards Council and ISC2 Chapter Sri Lanka, creative partner was Mullenlowe and hospitality partner, Cinnamon Grand.

Pix by Upul Abayasekara and Ruwan Walpola