PCI SSC has hired Nitin Bhatnagar to lead its efforts in India. As Associate Director for India he is responsible for driving awareness and adoption of PCI Security Standards in the country. Bhatnagar will work closely with merchants, acquirers, financial institutions, security practitioners, law enforcement and other key stakeholders across the Indian payment ecosystem. Here he discusses payment security challenges and opportunities in the country, his new role and the first ever PCI SSC India Forum planned for 13 March 2019 in New Delhi.
Cyberattacks are increasing in India, and specifically those aimed at financial networks, according to India’s Computer Emergency Response Team (CERT). Why is India a growing target for cybercriminals?
Nitin Bhatnagar: Cyber security is one of the significant national security challenges that countries face all over the world. In India, according to the Ministry of Electronics and Information Technology (MeitY), total value of transactions stood at $2.82 Tn (INR 204.86 Lakh Cr) as of August 2018 which is an 88% jump from $1.5 Tn (INR 108.7 Lakh Cr). India is on the path of becoming a world leader in digital payments, both in terms of the volume of payments made and the rate at which online payments are increasing, making it a desirable target for cybercriminals.
What are some of the top challenges you see for organizations in India when it comes to protecting against cyberattacks and breaches and securing payment data?
Nitin Bhatnagar: Cyberattacks and data breaches on payment infrastructure are a global problem. Some of the common challenges here in India are:
- Companies in the region are more susceptible to attacks as they lag behind when it comes to incident detection and breach response time.
- Overall IT Security budget in India that for security is only 5-10% compared to 15-20% for some developed countries. With restricted budgets, innovation and quicker decision-making takes a backseat.
- Gap of skilled cybersecurity professionals in the country.
Overall, there is a need for a mindset change. Organizations need to become aware of security and take it seriously, because the criminals take it seriously - their sole objective is to break into an organization and steal data and monetize it.
How does the Indian market compare to other markets in terms of implementation of payment data security standards?
Nitin Bhatnagar: India has been low on awareness and adoption of payment data security standards. Effective implementation of PCI Standards to protect payment data can only be achieved with properly trained staff, having right processes in place and through right use of technology.
What opportunities do you see for improving payment security in India?
Nitin Bhatnagar: Recent breach incidents emphasize the need for payment security to ensure the continued growth and momentum of digital payments in the region. In order to achieve this, we need to look at bridging the gap of skilled payment security professionals in the country through supporting programs, training and resources for implementation and assessment of PCI Standards.
PCI Standards are global and in order to influence the standards there is a need for regional involvement as PCI SSC Participating Organizations and Affiliate Members. Participation in PCI SSC includes opportunities to provide feedback on standards, participate in Special Interest Groups (SIG) and run for the Board of Advisors (BoA), all of which have an important role in helping improve payment security in India.
What will be your focus in your new role as PCI SSC Associate Director for India?
Nitin Bhatnagar: My efforts will focus on fostering broad awareness, understanding and implementation of PCI Security Standards in India through active participation in payment industry events and by establishing positive relationships with banks, merchants, security practitioners, and other key stakeholders across the Indian payment ecosystem.
As part of this effort, PCI SSC will be hosting its first India Forum in New Delhi on 13 March 2019. By attending the India Forum, organizations will be able to bring a regional perspective on the PCI Standards. Businesses need to take advantage of this opportunity to get involved with industry stalwarts and raise their brand awareness in the payment card industry. We will be witnessing participation from policy makers, regulators, law enforcement, government of India, payment security specialists, merchants and service providers under one roof to express their needs and concerns around data security and how global data security standards are playing a crucial role in protecting payment data. Registration to attend the India Forum is now open on the PCI SSC website.