Security Insights and Innovations: Highlights from the 2024 Asia-Pacific Community Meeting

Last week, we made the trip to Hanoi, Vietnam, for the final PCI Community Meeting event of the year. The 2024 Asia-Pacific Community Meeting did not disappoint.

Reinforcing the messages from the North America and European events, the APAC conference brought together hundreds of payment security stakeholders both in-person and virtually, representing 26 countries around the world. The agenda focused on the central theme of “shaping the future of payment security,” with a wide-ranging program of talks and interactive workshops.

These are just a small selection of our highlights from the event.

Assessing payment security in 2024

On the opening day of the event, LGMS Chief Operating Officer and PCI QSA, Gilbert Chu, presented his session “Charting the Course: Assessing 2024’s Payment Security Scene, Predicting 2025's Trends.”

His insightful session centered around major payments breaches that have occurred since the inception of the PCI DSS and the costs of fines and penalties issued as a result. He also looked ahead, considering the impact of emerging technologies, evolving threat landscapes and industry trends on payments security and data breaches in the future, encouraging organizations to adopt a flexible and proactive approach to payments security and data security more broadly.

Security in an age of exponential innovation

Thursday’s keynote, presented by Dr Bruce McCabe, Global Futurist, tackled the issues of rapid innovation and disruptive change for cybersecurity. He highlighted the major advancements expected in AI, enabling them to interact in a more human-like manner, raising significant security concerns for phishing and social engineering. 

While the potential threats from AI are wide reaching – potentially risking privacy, compromising anonymity and creating new vulnerabilities – AI also offers new opportunities for cybersecurity innovation, particularly in scam and fraud identification and prevention. 

The changing face of payments

In their session discussing regional payment security trends, the PCI SSC highlighted the migration from traditional payment methods to mobile wallets and payment apps, particularly with the rise of QR payments in the Asia marketplace. While these new payment channels offer more consumer choice and flexibility, they are soon targeted by cybercriminals seeking financial gain.

Meanwhile, the cybersecurity skills gap continues to grow with a global shortage estimated to be around 3.4m cybersecurity workers. This is a worrying statistic, when 87% of business leaders said their organizations have experienced a cyber breach.

Lessons from a payments data breach

Our final session highlight comes from John Rundell’s eye-opening “Case study of a card data breach within a ransomware attack.” Rundell, Stratica CEO and forensics expert, explained how hackers stole 30,000 card numbers during a ransomware attack, posting them to the dark web. This type of extortion behavior is typical of ransomware attacks, as cybercriminals seek to ensure that companies pay their ransom demands.

The session emphasized the importance of engaging with qualified PCI PFI companies in the event of a data breach where payment card data may be affected, to ensure a comprehensive investigation and response.

The Asia-Pacific Community Meeting provided a valuable opportunity to learn from experts and network with colleagues. We want to express our appreciation to the PCI SSC, the speakers and the sponsors for their vital roles in organizing and supporting this event.