Bank of Baku urges aligning PCI-DSS requirements to national legislation

BAKU, Azerbaijan, June 10. PCI-DSS (Payment
Card Industry Data Security Standard) requirements are necessary to
be aligned with the national legislation, Deputy Director of the
Payment Systems Department of Bank of Baku, Tamerlan Rustamov, said
during the second day of “International Finance and Banking Summit
2026: Global Financial Integration of Turkic States” in Baku,
Trend reports.

He noted that one of the main problems in the development of
digital payment platforms is the increase in fraud risks and its
impact on the cost of financial services.

"Payment service providers spend significant funds on fraud.
This ultimately affects the cost of financial services. Another
important issue is the protection of users' trust and confidence.
For the development of financial inclusion, it is not enough to
provide access to bank accounts alone, but trust in the system must
also be maintained," the deputy director emphasized.

Rustamov pointed out that, based on the principles established
by the Bank for International Settlements, a fraud risk management
framework should be formed in each country for the digital payment
ecosystem.

According to him, fraud risks are assessed separately within the
framework of operational risks, and relevant recommendations have
been developed for banks.

"The risk management framework can be approached by both the
Central Bank, banks, and fintech companies. The PCI-DSS standards,
which have been actively discussed recently, are also of particular
importance in this regard. When implementing these requirements for
the protection of payment card data, it is important to properly
assess the ecosystem and align it with national legislation," he
added.

Rustamov said that in some cases, additional security
requirements may create additional costs for financial
institutions. Therefore, it's important to determine appropriate
mechanisms based on risk assessment.

He also noted that the application of limits is one of the
important tools in the fight against fraud.

"The application of limits is not a new approach. The limit of
40,000 manat ($23,530) has been applied in the Small Payments
Settlement Clearing System for many years. This approach plays an
important role in reducing risks in both card-to-card transactions
and other transfers," the deputy director added.

PCI-DSS is an international security standard developed to
ensure the security of payment card data.