Azerbaijan proposes to integrate payment card security standards into law

In Azerbaijan, the integration of the Payment Card Industry Data Security Standard (PCI DSS) requirements into national legislation is considered essential, according to Tamerlan Rustamov, head of the expert group on payment systems and digital banking under the Azerbaijan Banks Association (ABA), Report informs.

Speaking at the 10th International Finance and Banking Summit in Baku, Rustamov explained that PCI DSS standards, which have recently been actively discussed within the framework of risk management, are directly related to the security of payment card data.

He emphasized: "Before applying any requirements, the ecosystem must be comprehensively assessed. Possible requirements should first be reflected in national legislation. Otherwise, differences in approaches may arise, creating additional financial burdens for ecosystem participants."

Rustamov stated that the assessment may show that some institutions only need to meet one or two basic requirements. In such cases, those requirements could be integrated into local legislation with the support of the Central Bank of Azerbaijan, allowing low-risk financial institutions to ensure information security under domestic regulations. "On the other hand, if the assessment deems it necessary, higher-risk institutions may need to pursue PCI DSS certification or compliance with its full set of requirements," he added.

This proposal is aimed at strengthening risk management, enhancing information security, and ensuring that financial institutions operate under uniform standards.