What’s Next for Payments Security? 2024 Trends and Predictions

The payments industry is undergoing rapid changes, driven by technological innovations, consumer preferences, regulatory developments and security challenges. In this blog post, we will explore some of the key trends and predictions for payments security in 2024.

The Future of Payments is Mobile

Through 2023, more consumers have shifted from cash and debit cards to mobile wallet-based payments. The convenience of the device in our pockets is set to drive a surge in growth for wallet-based payments throughout 2024 and beyond.

It is estimated that wallet-based payments will overtake debit and credit card payments within the next three to ten years. This shift presents both opportunities and challenges for payments security.

eCommerce as a Target for Cybercrime

In the wake of the Covid-19 pandemic, eCommerce grew by 55%. While 2022 saw slower growth, FIS Global predicts that eCommerce will expand more rapidly in 2024, in part driven by mobile commerce through apps and social media.

However, this growth makes the channel more attractive to, and more lucrative for, cybercriminals. In 2023, we saw the prolific Magecart campaign evolve its tactics and breaking out of the Magneto platform to compromise javascript in payments pages across a broader set of websites. We’ll continue to see innovation from cybercriminals seeking to exploit vulnerable websites and payment service plug-ins to steal payments data.

PCI DSS v4.0 Sets a New Bar for Payment Security

In March 2024, PCI DSS v4.0 takes over from its predecessor, bringing in a host of new requirements for merchants and service providers with the goal of further elevating the security of payments.

As a result of the increasing obligations on merchants, especially in the SMB sector, it’s expected that many organizations will seek solutions that remove their business from directly handling payment cards. Adoption of P2PE solutions and outsourced payment processing will increase over 2024 and 2025.

With the new standard come improved controls for website security, responding to both the growth of eCommerce and the increasing cyber-threats to online payments.

Automating Scoping for PCI DSS Compliance

Another of the significant changes introduced in PCI DSS v4.0 is the requirement for organizations to perform periodic scope validation. This is likely to drive more businesses toward automated discovery solutions. More frequent scanning will help organizations identify and maintain their intended PCI DSS scope boundaries more effectively, thereby lowering exposure and risk of data breaches.

Increasing Value Through Payments Analytics

As innovative payment solutions emerge, organizations will seek to derive increased value from consumer behavior, purchasing activity and payments data through analytics. The insights they gain will support value-driven service offerings and provide better consumer insights for decision-making.

However, this activity is likely to result in greater information collection and processing, including personally identifiable information (PII). Organizations will need to ensure they satisfy local and cross-border privacy and data protection legislation, as well as payments regulations and security standards.

As payments become more mobile and digital growth continues in 2024, the payments industry will transform offering new possibilities and benefits for consumers and businesses alike. However, this also means that payments security is more important than ever, as cybercriminals target the growing eCommerce sector and exploit vulnerabilities in payment systems.