Azerbaijan to switch to new payment card data security standard (Exclusive)


Azerbaijan will switch to the new payment card data security standard PCI DSS 4.0 next year, Deputy Director General of Compliance Control Evgeny Babitsky told Trend.

“As an international company, we work with Visa, MasterCard, and SWIFT, which develop global standards for the entire world market. Recently, a new version of the PCI DSS 4.0 standard has been released. This is a completely reworked standard that will be adopted by the global community as mandatory from April 2024. We were directly involved in its development. The transition to the new version of the standard is already in progress, and from April 2024 it will be mandatory for all payment and financial organizations in the Azerbaijani market. We are helping our customers to prepare in advance for this transition in terms of compliance with the new requirements of the standard,” he said.

Babitsky noted that Azerbaijan’s information security sector is fairly developed.

“There are unique trends and patterns in cybersecurity in Azerbaijan. Regul
ar specialized events allow experts to share experience and discuss the latest tendencies. It is important that the country’s experts do not copy the experience of other countries without analyzing its relevancy to the local market. Taking into account the peculiarities of each market, including the distribution of cybersecurity budgets, they actively follow the development of the sector,” Babitsky said.

Speaking about the security of banks in an underdeveloped market, Babitsky noted that most security incidents in the financial sector are related to human factor.

“In markets that are just starting to develop, there is a lack of maturity and people often do not know how to respond to cybersecurity incidents. Unlike Azerbaijan, where standards of cybersecurity are higher, in new markets, customers are not trained to interact with scammers, which leads to gullibility and handing over sensitive data to them. This creates challenges for financial organizations that have to deal with negative consequences and cu
stomer charges. Tracking down scam ads online, especially those disguised as a specific bank, is a complex task that requires specialized and expensive systems,” Babitsky explained.

He emphasized that scams are not the only cybersecurity challenges that the banks face.

“We investigate hundreds of cybersecurity cases every year, but with limited budgets, banks have to improve their cybersecurity by making tracking of fraud links a low priority. Many organizations turn to such systems later in their information security development due to limited resources. Not everyone can afford it, and not everyone has reached the level of development to effectively track fraud links, which can lead to end users getting scammed,” he concluded.

Compliance Control is one of the first information security consulting companies in Russia. It started its activity in 2012 as a specialized auditor in the field of payment data security and requirements of VISA and Mastercard.

The Compliance Control company has Qualified Security
Assessor (QSA) status, which allows it to conduct certification audits for compliance with PCI DSS requirements.

Source: Trend News Agency