The Payment Card Industry (PCI) Security Standards Council Expands to the Middle East: A Response to Rising Card Fraud

As the Middle East experiences a surge in card-based payments, the Payment Card Industry (PCI) Security Standards Council (SSC) is taking proactive measures to enhance the security of these transactions. With the region witnessing an increase in payment-card fraud, the PCI SSC’s decision to extend its role to the Middle East is both timely and necessary.

A Growing Concern: The Rise of Card Fraud

In April 2023, the PCI SSC appointed a regional director specifically for the Middle East, a strategic move aimed at collaborating with regulators, banking institutions, and service providers to bolster the security of card transactions. This initiative comes at a critical juncture, as global card fraud is projected to escalate to $36 billion by 2024, up from $28 billion in 2020. Although the share of fraud relative to transaction volume is expected to decrease slightly to 6.5 cents per $100, the sheer volume of fraud remains alarming.

Nitin Bhatnagar, the newly appointed PCI SSC regional director for India and South Asia, emphasized the importance of addressing the evolving landscape of cyber threats. "Cyberattacks and data breaches on payment infrastructure are a global problem," he stated, highlighting the increasing risks posed by malware, ransomware, and phishing attempts. The PCI SSC aims to foster a cultural shift towards enhanced security awareness among organizations handling payments in the region.

The Changing Payment Landscape

The payment industry is undergoing significant transformations, particularly in the Middle East, where alternative payment methods are gaining traction. According to a September 2023 report by the Boston Consulting Group (BCG), the payments industry is expected to grow at an annual rate of 6.2% through 2027. While card-based transactions still dominate, accounting for over $30 trillion in point-of-sale and e-commerce transactions in 2023, alternative payment methods are rapidly expanding, totaling more than $11 trillion and growing at double the rate of card-based payments.

This shift in consumer preferences is evident, with Middle Eastern consumers favoring digital wallets over traditional cards—60% prefer digital wallets compared to 27% who prefer cards. This trend is mirrored in a report by McKinsey & Company, which indicates that consumers in the Asia-Pacific region still lean slightly towards cards.

The Threat of Cybercrime

As payment methods evolve, so too do the tactics employed by cybercriminals. A concerning statistic from the 2023 Fraud and Financial Crime Report by Kroll reveals that 70% of business executives in the United Arab Emirates anticipate an increase in financial crime risks over the next year. This sentiment underscores the urgency for businesses to adapt their security measures in response to the changing landscape.

To address these challenges, the PCI SSC has introduced new standards, including the PCI Mobile Payments on COTS (MPoC), aimed at enhancing the security of mobile-app-based payments. Bhatnagar noted that organizations must recognize the seriousness of security risks, as cybercriminals are increasingly sophisticated and determined to exploit vulnerabilities.

Cybersecurity Education and Technological Innovation

Preventing payment fraud has become a top priority in the Middle East and Africa (MEA) region, particularly as efforts to improve financial inclusion lead to a rise in mobile payments and digital banking. Initiatives like the open-source Tazama Project are being developed to create antifraud platforms for banks and governments, enabling them to leverage data on account holders and transactions to detect potential fraud.

In addition, Network International, a digital commerce platform in the MEA region, has adopted Mastercard’s AI-powered fraud-prevention solution to safeguard over 60,000 merchants from fraud. Bhatnagar emphasizes the need for organizations to prioritize data security and invest in cybersecurity measures. "Getting employees trained and improving on cyber hygiene will help organizations take steps in the right direction," he advises.

The Role of Emerging Technologies

The intersection of technology and payment security presents both challenges and opportunities. While cybercriminals are increasingly utilizing generative AI to perpetrate fraud, businesses can also harness this technology to enhance their fraud detection capabilities. According to Kroll, two-thirds of executives plan to invest in antifraud technology, and more than half intend to increase their cybersecurity budgets to mitigate risks.

Conclusion: A Call to Action

As the PCI Security Standards Council expands its efforts in the Middle East, the focus on enhancing payment security is more critical than ever. With the rise of digital wallets and alternative payment methods, organizations must adapt to the evolving landscape of cyber threats. By prioritizing cybersecurity education, investing in technology, and fostering a culture of security awareness, businesses can better protect themselves and their customers from the growing risks of payment fraud. The time for action is now, as the stakes continue to rise in this dynamic and rapidly changing environment.