
Data Security Must be a Priority for Businesses in India

Security is only as strong as the weakest link

Opinions expressed by Entrepreneur contributors are their own.

You're reading Entrepreneur India, an international franchise of Entrepreneur Media.


India is becoming a world leader in online and digital payments, both in terms of the volume of payments made and the rate at which online payments are increasing. For this to continue, consumers need to know that businesses are making the safety of their payment card information a top priority. As a result, more and more businesses are relying on third-party payment service providers for payment processing, as this allows them to focus on their core business while outsourcing these services to specialists.

Even if you outsource, you still have a duty of care to your customers

One of the brilliant things about outsourcing your company's payment security problems is that it is no longer your responsibility to make sure your customers' payment data is secure, right? This is one of the most common misconceptions about data security, and it can be a career-ending error for any business owner or decision-maker.

When somebody pays a merchant for goods and services – whether a pair of trainers, groceries, a hotel room or a restaurant meal – that merchant is responsible for the transfer of the data to the payment service provider. If the merchant has not implemented the right security processes and applied them to the transfer process, then customer payment data is vulnerable to theft at all points during the transfer process.

This situation can allow a merchant to be the victim of what is called a "Man in the Middle" attack - a form of data theft that occurs when a hacker sits in the middle of a transactional process between two parties. With this attack, hackers insert malware that redirects merchant transaction data intended for the payment service provider to the criminal. When this occurs, all payment data being redirected comes through the hacker first and the hacker then sends it on to the payment service provider. The payment service provider is often not aware that this attack occurred. The hacker then packages up the data and sells it to the highest bidder. In the most extreme examples, hackers have been known to sit in the middle of these processes undetected for more than four years.

Know your customer? Know your supplier.

The second issue is that anybody can become a payment service provider. It is the responsibility of a business owner, operations executive or IT manager to undertake proper due diligence before selecting a payment service provider.

Payment service providers must have security controls and processes in place that protect payment card data in accordance with the PCI Data Security Standard (PCI DSS). If customer data is stolen, it is the merchant, not the payment service provider, that makes headlines. A lot of businesses that experience major payment data theft fail because the financial and reputational recriminations are simply too great a challenge to recover from.

As a result, it is imperative that merchants ask for proof that their payment service providers have undergone a successful PCI DSS assessment by a PCI Qualified Security Assessor.

India at the payment security frontier

India is one of the fastest-growing economies and the popularity of e-commerce and mobile commerce has exploded in recent years. This is fantastic for international and domestic trade. However, the Indian market now attracts truly global attention. As millions of Indian consumers go digital each year – the value of digital transactions using digital wallets has gone up by 64% in just one year – the opportunity for data theft increases exponentially.

What business leaders must do

Data security and management is no longer the sole responsibility of data or IT managers – the board of directors, including the CEO, are equally accountable. As a result, there are a number of business imperatives for companies in India. First, the CEO must start to take data security seriously. This starts with hiring someone who will ensure that their security department has the right processes in place, covering both their own security efforts and ensuring due diligence is undertaken with all third parties. This is an issue for businesses of any size.

Second, the CIO must ensure that their security departments are securing payment data, specifically according to the PCI DSS, regardless of third-party outsourcing options. If they are not, customer payment data is not safe.

Third, CFOs must implore their board to invest in data security. No matter the health of the economy or sector, every business has financial pressures and investment in data security must be made a priority.

Fourth, and maybe most important, is training. People are a critical part of keeping payment data safe and secure. No matter how good their payment service provider might be, businesses cannot overlook the importance of training their own staff on security basics. Data security training programmes, which are designed for all levels of staff at almost any type of organization, exist and are available. To protect their customers' payment data, businesses must make data security education part of business as usual for their staff.


Keeping customer data safe is not just an IT issue – it requires people, process and technology working together securely. Failing to conduct secure business is a major reputational issue for any marketplace. To counter this, India's business leaders have a responsibility to enable and promote payment data protection that ensures the long-term success and development of their own company's future as well as the wider Indian economy.

Jeremy King leads the Council's efforts in increasing adoption and awareness of the PCI Security Standards internationally. In this role, Mr. King works closely with the Council's General Manager and representatives of its policy-setting executive committee from American Express, Discover, JCB International, MasterCard, and Visa, Inc.

His chief responsibilities include gathering feedback from the merchant and vendor community, coordinating research and analysis of PCI SSC managed standards through all international markets, and driving education efforts and Council membership recruitment through active involvement in local and regional events, industry conferences, and meetings with key stakeholders.

He also serves as a resource for Approved Scanning Vendors, Qualified Security Assessors, Internal Security Assessors, PCI Forensic Investigators, and related staff in supporting regional training, certification, and testing programs.
