Dan Schutzer, a senior technology consultant at the Financial Services Roundtable's BITS technology division, recently stressed the need for payment standard integration and security innovation as cybersecurity standards like EMV, PCI DSS and the NIST framework continue to evolve.
“The standards… go a long way in helping to secure the payments process, but they don’t solve the problem entirely,” Schutzer said, adding that following any one standard “blindly” may not allow organizations to fully reach their security goals.
Additionally, Schutzer said protecting against data breaches requires more than just compliance with standards “by treating them as a check-off list.”
“Security is not just about systems, technology and processes—it is about people who need to be motivated, incentivized and instilled with the right attitude—to remain vigilant and in a constant state of preparedness… improving and testing their systems, technology and processes against an ever sophisticated, evolving and adaptive threat,” Schutzer said.
Schutzer said cybersecurity professionals need to monitor the payments space and determine how current standards should be adapted to technological developments.
He also said that while existing standards and emerging standards like the NIST cybersecurity framework released by the Obama administration help to reduce fraud and data breaches, “they are not silver bullets.”
“Security is an escalating arms race,” Schutzer said. “We need to continuously research, improve and adapt in order to prevail. Most importantly, both users and operators of the payment system must be motivated and instilled with the proper security attitude and trained to achieve a high state of readiness.”