Of course, companies should be aware of attacks towards E-Commerce Payment throughout the entire year. However, it typically rises more during the holidays.
The Black Friday and Cyber Monday shopping sales have long been used by cyber-criminals to scam unsuspecting shoppers hunting for a bargain. The sustained surge in online shopping since the start of the COVID-19 pandemic has only provided further opportunities for nefarious actors to strike this sector. This includes attacking the payment systems used to undertake e-commerce transactions, for example, web skimming to steal users’ payment information.
In the Post-Pandemic era, online payments have increased. An interview with Neira Jones states that Payment Systems have always been a target. During the pandemic, consumers and businesses substantially increased their online activities, and those that weren’t previously digital became digital. As a result, the number of card payment transactions increased. At the same time, the capabilities of threat actors continued to evolve and escalate, and they have developed many skills to exploit existing and emerging weaknesses. More vulnerabilities have occurred because we’re using more technology, some of which businesses were unfamiliar with. This applies to payment systems and processes in the SME space.
Thankfully, the new PCI 4.0 standard has been a few years in the making. This version is massive, and to give you an idea of scale, the previous version in 2018 was 139 pages long, whereas Version 4.0 is 360 pages long. That tells us that the PCI Security Standards Council is seeing the challenges in the card payment industry and is trying to address those challenges in the new version of PCI DSS.
This new version is more flexible, which is important because there is never a one-size-fits-all, so there needs to be more flexibility in assessing the kind of controls you need. This is based on sound principles that have followed how the world has been moving in terms of more cloud services, for example, working from home and the importance of authentication and authorization. All of those things are in the new standard.
For the full interview, click the link below.