The Payment Card Industry (PCI) Security Standards Council plans to expand its role to the Middle East, as the volume of card-based payments continues to grow in the region and, along with it, payment card fraud.
In April, the PCI SSC assigned a regional director for the Middle East to work with regulators, banking and financial institutions and service providers on initiatives to improve the security of card transactions. The move comes as global card fraud volume is expected to reach $36 billion in 2024, up from $28 billion in 2020, although the percentage of fraud to transaction volume will decline slightly, to 6 .5 cents per 100 dollars, according to the annual “Nilson Report” published in December.
The PCI SSC plans to work closely with any organization that handles payments within the Middle East payments ecosystem, with a focus on security, says Nitin Bhatnagar, PCI Security Standards Council regional director for India and South Asia, which will now also oversee efforts in the Middle East sector.
“Cyber attacks and data breaches on payment infrastructure are a global problem,” he says. “Threats such as malware, ransomware and phishing attempts continue to increase the risk of security breaches. Overall, a change in mindset is needed.”
The push comes as the payments industry itself faces significant changes, as alternatives to traditional payment cards take off and financial fraud grows in the Middle East.
According to experts, the payments sector will likely grow at an annual rate of 6.2% by 2027, a healthy pace, although lower than the 8.3% growth rate of the past five years. a September 2023 report published by the Boston Consulting Group. While card-based financial transactions continue to dominate, accounting for more than $30 trillion in point-of-sale and e-commerce transactions in 2023, alternative payment methods are taking off, totaling more than $11 trillion in 2023 and with a double the expected growth. of card-based payments, according to BCG’s Global Payments Model.
Currently, there are more than 5,000 fintechs globally representing $100 billion in revenue, a number expected to grow to $520 billion by 2030, according to BCG.
Digital wallets, not plastic cards
The Middle East is one of the regions where the changes are most pronounced. Consumers in the Middle East prefer digital wallets to cards, 60% to 27%, as their preferred payment method, while consumers in the Asia-Pacific region slightly prefer cards, 43% to 38%, according to an August 2021 report from consulting firm McKinsey & Company.
Cyber criminals follow these changes as well, and this worries businesses in the region. Seven in 10 business executives in the United Arab Emirates, for example, believe financial crime risks will worsen over the next 12 months, essentially the same as U.S. executives, according to the “Fraud and Financial Crime Report 2023” published by the consultancy firm Kroll.
The PCI Security Standards Council plans to adapt to the digital landscape and introduced a standard for mobile payments in November 2022, PCI Mobile Payments over COTS (MPoC)which provides a standard for developing mobile app-based payments.
“Emerging technologies and innovation are reshaping our industry, along with the growing popularity of mobile payments and contactless transactions,” says Bhatnagar. “Organizations need to become aware of security risks and take them seriously, because criminals take it seriously: their only goal is to break into an organization, steal data and monetize it.”
Cybersecurity education and technology
Preventing payment fraud has become a priority in the Middle East and Africa (MEA) region, as efforts to improve financial inclusion have led to more mobile payments and digital bank accounts.
The open source Tazama project, for example, is build an anti-fraud platform for banks and governments to enable them to use account holder and transaction data to detect likely fraud. Meanwhile, Network International, a digital commerce platform in the Middle East and Africa, has adopted Mastercard’s AI-powered anti-fraud solution reduce fraud in digital transactions.
“Organizations should start prioritizing data security as an important element in their daily business activities,” says Bhatnagar. “Investing in cybersecurity is equally important. Training employees and improving cyber hygiene will help organizations take steps in the right direction.”
Technologies like generative AI could both help and hurt payment security. As cybercriminals increasingly use technology to steal money from consumers, businesses are able to use technology to spot more fraud schemes. According to consultancy Kroll, two-thirds of executives (64%) currently plan to invest in anti-fraud technologies and more than half (56%) plan to increase their cybersecurity budget to address the risk.