CTO POV: PCI SSC leaders meet in Washington, D.C.

David King is CTO at Flywire.

Flywire CISO Barbara Cousins and I recently had the privilege to represent Flywire at the PCI Security Standards Council (PCI SSC) Board of Advisors meeting in Washington, D.C. It was an incredible experience to be part of this esteemed group of just 52 global companies that serves the global card payments industry. The Board of Advisors assists PCI SSC in its mission to enhance global payment account data security. It provides input to PCI SSC in connection with its development of standards, along with supporting services that drive education, awareness, and effective implementation of these standards among stakeholders. In an increasingly vulnerable landscape, PCI SSC and its standards stand as a beacon of security amid a sea of insecurity.

As strategic leaders, our role on the Board of Advisors is to bring market, geographical, and technical insights to PCI SSC's plans and projects. PCI SSC oversees 15 security standards that encompass various aspects of payment security, from physical card production to secure software development and everything in between. These standards aim to safeguard data throughout the entire lifecycle of a payment, from the card issuer and consumer to the acquirer or merchant processor, as well as vendors, service/solution providers, and merchants themselves.

One of the fundamental aspects of payment security lies in the delicate balance between minimizing friction and preventing fraud. One industry approach seeking to strike such a balance is 3D Secure, a process that adds an extra verification step for cardholders with their issuers. 3D Secure isn't a requirement in PCI v4, but it is required in the UK under the PSD2 legislation and is a good practice for eCommerce companies to apply to online transactions. While this verification process effectively reduces fraud, it can also introduce friction for consumers, potentially leading to decreased transaction completion rates.

Another important focus in today’s payments industry is Generative AI, which presents both potential threats and benefits. Potential threats include the possibility that Generative AI could simulate human-like behavior on a chat bot, deceiving customer service representatives and obtaining sensitive information. Benefits include the possibility of leveraging AI to model behavioral dynamics, enabling the detection of fraudulent transactions that deviate from a payer's normal patterns.

Thinking ahead to the future of payments, post-quantum cryptography is also top of mind. The objective of post-quantum cryptography is to develop cryptographic systems that can withstand attacks from both quantum and classical computers, ensuring long-term security in the face of advancing technology.

Being part of the PCI SSC Board of Advisors is a tremendous honor for Flywire, as it allows us to actively participate in helping to shape and secure the future of global payments. We are committed to leveraging our expertise and insights to contribute meaningfully to the ongoing development of standards and practices that safeguard payment account data worldwide.

For more on PCI DSS: