The document discusses PCI-DSS compliance requirements for payment gateways in India. It provides background on PCI-DSS, noting that it was created by major credit card companies to establish security standards for processing card payments. It then discusses key details about PCI-DSS applicability and requirements in India, the large size of India's card payment market, and statistics on debit card, credit card, ATM and POS usage. It also summarizes common fraud issues and cases seen in India related to credit and debit cards.
1. PCI-DSS Compliance in
India for Starting a Payment
Gateway Business
Credit - By CA. Priyadarshan Behera
Compiled by - MyOnlineCA
2. About PCI-DSS :
The Payment Card Industry Data Security Standard
(PCI DSS) is a widely accepted set of policies and
procedures intended to optimize the security of
credit, debit and cash card transactions and protect
cardholders against misuse of their personal
information. The Payment Card Industry Security
Standards Council (PCI SSC) was launched on
September 7, 2006 to manage the ongoing evolution
of the Payment Card Industry (PCI) security
standards with focus on improving payment account
security throughout the transaction process.
3. Key Players in PCI-DSS :
Often denoted as PCI-DSS, the Payment Card
Industry - Data Security Standard was developed by
major credit card companies as a guideline to help
organizations that process card payments combat
and prevent credit card fraud, hacking and various
security vulnerabilities as well as threats. The PCI
DSS was created jointly in 2004 by four major credit-
card companies: Visa, MasterCard, Discover and
American Express.
4. Applicability of PCI :
PCI applies to ALL organizations or merchants, regardless of
size or number of transactions, that accept, transmit or
store any cardholder data. Said another way, if any customer
of that organization ever pays the merchant directly using a
credit card or debit card, then the PCI-DSS requirements
apply.
5. Requirements of PCI-DSS In India :
India is the second-most populous country, with over
1.27 billion people, and the most populous
democracy in the world, where e-payments through
cards are extensively used for various transactions.
The transaction level of 45 million debit card
transactions for Rs 7,000 Cr in value p.m. and 19
million credit card transactions for Rs 12,000 Cr in
value p.m. shows that the card payment industry is
no longer as small as it was 5 years back.
6. Requirements of PCI-DSS In India (continued) :
India has emerged as the ransomware capital
of Asia Pacific with 11% of the total victims
belonging to the country. The report, which was
released in October 2013, pointed out that
internet users too had adopted 'risky' habits
such as accessing bank accounts or shopping
online through public or unsecured Wi-Fi, or
sharing passwords, which made them more
vulnerable to threats.
7. Statistics about the usage :
[Bar chart, in millions: Debit Card (336M), ATMs (0.12M), Credit Card (19M), POS Terminals (0.9M)]
8. In sum, the size of the card payments market in India
is big and getting bigger day by day. As per the
Symantec Internet Security Threat Report 2013,
the countries leading the charts in threats pertaining to
bank cards are the United States, China and India, with
India accounting for 6.5% of the total targeted
attacks in 2012. In sum, the incident level is a matter
of concern for our country. Since several countries
have taken different preventive steps, we should
guard ourselves against card fraud moving into
India, and we can’t ignore the fact that “Fraudsters are
a step ahead of Market”.
9. Frauds in India & its Involvement in Global Scam :
A man allegedly involved in the theft of the credit cards of
more than 30K customers of a private sector bank, and in
making transactions worth crores of rupees, finally
landed in the police net in 2013 in Delhi.
Glimpse of Card Frauds in India :-
SBI lodges FIR in ATM frauds case- Patna.
Teacher loses Rs 14K in ATM fraud- Ambala.
E-banking fraud: 1.2L stolen from dentist’s account- Dadar.
Honcho loses Rs 19L in cyber fraud- New Delhi.
6 arrested for online fraud- Allahabad.
Man loses his July salary to card fraud in 25 mins- Mumbai.
Debit card racket with overseas link unearthed – Madurai.
10. International Credit Card Scam :
200 Million Dollar Credit Card Scam:-
Five Indian-origin men were among 18 others charged for
running a whopping 200 million dollar global credit card
fraud under which they used thousands of fake identities to
dupe businesses and financial firms and wired millions of
dollars to Pakistan and India. These types of incidents
clearly depict how Indians are actively
involved in various frauds involving
debit/credit cards. As a result, there is
high alarm in the banking, retail and
other sectors that use online cards for
processing their day-to-day transactions.
11. Telephone Card Payment in India :
There is a risk that organizations taking customer
payment card details over the telephone may be
recording the full cardholder details to comply with
various regulatory bodies, potentially exposing
cardholder data to unnecessary risk. With 66 percent
of Indian consumers using their personal mobile
device for both work and play, this creates entirely
new security risks for enterprises as cybercriminals
have the potential to access even more valuable
information.
12. Conclusion :
Considering the rapid growth of the card payment
markets & merchants in India, we will soon have to
adopt an additional factor of authentication for card-
present transactions at the various terminals dealing with
debit/credit cards.
Given the way frauds related to credit/debit cards are
spreading across various corners of India, it becomes
imperative for organisations to cover themselves under
PCI-DSS.