What Does Data Security Look Like in MENA?

The PCI Security Standards Council hosts some of the best data security conferences on the entire planet and best of all t is that each conference is tailored specifically to the region it’s held in.

Interestingly enough, at the recent 2015 Middle East Forum held in the Conrad Hotel, Dubai, the focus was not as much on preventing credit card fraud. More rudimentarily, it was about the need to convince nervous consumers in an emerging market that credit card fraud is nothing to be afraid of.

A Big But Hesitant Market

Commerce in general is booming in MENA, and there’s currently a mad scramble to get into the market before it matures, to start earning customer loyalty early.

Plenty of international e-commerce companies are trying to get a slice of the fresh, tasty pie as well, but customers aren’t biting as hard as they are elsewhere in the world.

An estimated 56% of consumers surveyed named credit card fraud as their number one concern regarding online purchasing, and given the absurd number of hacks taking place around the world on a daily basis we don’t really blame them.

The temporary situation comes in the form of prepaid cards, which are being used quite widely. Consumers can charge these cards beforehand, and use these cards in their online payments to ensure that their credit card numbers never enter a merchant’s database (if you’d like to learn more about prepaid cards, check out this blog article.)

In reality, prepaid cards do not really help negate the risk – they do little more than provide a placebo sense of security.

The real solution is creating an online payment environment that users will feel safe using their cards in.

That dream is one that the PCI DSS council works towards fulfilling, along with merchants and data security experts from around the world.

MENA At A Glance

Is the region worth tapping into? With 175 million MENA internet users, an $18 billion growth in credit card usage, and a projection that 80 million MENA consumers will be using mobile banking by 2017, we have to respond to that rhetorical question with a sarcastic yet very respectful “duh”.

How safe, though, is MENA in comparison to the rest of the world in terms of data security? One key indicator is the fact that 86.3% of terminals are chip-enabled, compared to America who has only just started using the technology in the last year. Riding on the commerce boom, new technologies like ApplePay and biometric payment methods are also projected to be less than 2 years away, assuming they prove worth implementing.

None of this is to say that PCI compliance is not a priority in MENA- on the contrary, quite a few well-known Emirati companies were in attendance at the event.

Word on the floor, though, is that in the banking industry, PCI compliance is compulsory for banks in Saudi Arabia, but not yet in the UAE.

Only the top 4 acquiring banks in UAE are held to the council’s standards for credit card security, while the other 50 or so banks are not strictly regulated.

No Need To Try Harder Because No One Else Is Trying Either

In Dubai, not many websites are currently offering e-commerce solutions at the moment. One Dubai resident that I spoke to lamented that not many commercial websites offer anything more than the bare bones [homepage/about us/products/contact us] page combo. Because tourism is so rich in Dubai that store walk-in-in traffic is already organically high, there really isn’t a need to try harder to get customers.

But given that commerce is growing faster than they can build a Disneyland AND a Universal Studios in Dubai, it’s only a matter of time before consumers make online payment a staple, and hackers start taking notice.

But just as merchants are concerned with slowly nurturing their businesses in the region, so should PCI compliance grow into a mandatory business need. Because if online payment takes off while PCI compliance doesn’t, it’s going to spell very bad news for everyone, except the hackers.