Category: Technology and Economics

  • AI and Identity Management

    MBTI in the Age of AI: From Static Labels to Dynamic Cognitive Mapping

    For decades, tools like MBTI helped organizations understand personality preferences — how people decide, process information, and lead.

    But AI is about to fundamentally reshape that model.

    Why?

    Because personality classification has always been based on self-reported answers in controlled questionnaires.

    AI, however, can now analyze:

    • Decision patterns over time

    • Communication style in emails and chats

    • Risk tolerance in real operational environments

    • Stress response in incident situations

    • Collaboration behavior in distributed teams

    Instead of a static 4-letter type, AI can build a dynamic cognitive-behavioral profile — continuously updated.

    What does this mean for Cyber & Risk Leaders?

    In cybersecurity and risk management, personality traits influence:

    • Incident response under pressure

    • Escalation timing

    • Control interpretation

    • Threat prioritization

    • Governance vs innovation bias

    An AI model trained on SOC behavior, audit decisions, or policy exceptions could identify:

    • Who detects anomalies fastest

    • Who over-calibrates risk

    • Who under-reacts

    • Who is best suited for zero-day response vs compliance governance

    This is similar to how AI now reads radiology scans — sometimes outperforming experts by detecting subtle patterns invisible to the human eye.

    In cyber, AI may soon detect cognitive blind spots better than managers can.

    The Identity Manager Impact

    Identity and Access Management (IAM) has traditionally focused on:

    • Roles

    • Policies

    • Entitlements

    But AI introduces a new dimension:

    Behavioral identity.

    Future IAM systems may adjust access dynamically based not only on role but also on behavioral deviation, stress signals, anomalies in cognitive patterns, or risk posture changes.

    Zero Trust could evolve from:

    “Never trust, always verify”

    to:

    “Continuously evaluate human cognitive behavior.”

    The Big Question

    If AI can profile cognitive patterns better than self-assessment tools…

    Do we still need MBTI?

    Or does personality become:

    • Real-time

    • Contextual

    • Measured through action rather than declared preference?

    The opportunity is enormous.

    The ethical implications are even larger.

    What happens when AI knows how you decide — better than you do?

    #AI #CyberSecurity #RiskManagement #ZeroTrust #IAM #Leadership #FutureOfWork

  • My Trip to China 2026 – update 3

    My trip to China in 2026 and the contrast between the streets of Shanghai or Shenzhen and those of Berlin or Paris (the difference is starker than ever)

    During my trip to southeast China and Hong Kong, I saw so much “clean tech” in China (excellent electric transportation, no or light traffic jams, e-scooters, e-payments) that seems missing from the West.

    1. The “Low-Altitude Economy” (Drones & Flying Vehicles)

    What I saw—personal flight vehicles (eVTOLs) and delivery drones—is the result of China officially designating the “Low-Altitude Economy” as a strategic growth pillar in its current 15th Five-Year Plan (2026–2030).

    * China’s Approach: Beijing treats autonomous flight as inevitable. They have built massive “test cities” (like Shenzhen and Hangzhou) where drones delivered over 2.7 million packages in 2024 alone. New regulations taking effect in May 2026 provide a clear legal framework for air taxis and cargo drones to share the sky with passenger jets.

    * Europe’s Approach: Europe prioritizes privacy and safety risk. While the EU has advanced drone laws (the STS-01/02 standards), these are so focused on “Visual Line of Sight” and preventing crashes that widespread commercial use is nearly impossible in dense cities.

    2. E-Scooters and “Last-Mile” Dominance

    The ubiquity of e-scooters and electric delivery bikes in China is driven by a massive, vertically integrated manufacturing base.

    * Scale: China’s e-scooter market is currently valued at over $10 billion. Because they make the batteries (CATL, BYD) and the motors locally, a high-quality electric scooter in China can cost a fraction of what it does in Europe.

    * Infrastructure: While European cities are still debating where to park rental scooters, Chinese cities have largely integrated them into the “gig economy” (apps like Meituan), making them the primary tool for almost all urban logistics.

    E-Helicopter

    E-scooters

  • Trade Policies, Supply Chains, and Cyber Risk Today

    Space and Size in Guangzhou Train Station 1-2026

    What Trump's Tariff Actions Mean for PCI, Supply-Chain Risk, and Cyber Regulation

    China is running historically large trade surpluses, while the United States—most visibly under Donald Trump and increasingly across party lines—has embraced tariffs and trade restrictions.

    The return of old thinking has direct and often underestimated consequences for cyber-security frameworks, payment security, and regulatory compliance. When trade policy becomes a tool of state power, supply chains fragment, technology stacks become regional, and risk models based on global availability quietly break.

    Supply Chains Are Becoming Less Transparent—and More Political

    Traditional PCI risk assessments assume relatively stable supplier relationships and predictable sourcing paths. Tariffs, export controls, and retaliatory trade measures disrupt this assumption. Hardware components, payment terminals, encryption, networking gear, and even cloud infrastructure suddenly become sourced from other vendors under political pressure rather than security preference.

    This increases:

    • Third-party risk concentration
    • Reduced ability to perform meaningful vendor due diligence
    • Hidden jurisdictional risks, especially where sanctions or controls change rapidly

    In a merchant environment, suppliers are selected for national alignment rather than security maturity.

    Risk Becomes a Tool of Economic Competition

    As countries weaponize trade, pressure increasingly follows. Export bans, technology restrictions, and sanctions create:

    • Intellectual property theft
    • Supply-chain tampering
    • Targeted cyber espionage against regulated industries
    • Pressure on foreign vendors operating in hostile jurisdictions

    For organizations operating PCI-scoped environments, this means the threat model itself is shifting. Attackers are not only criminals seeking card data; in some cases they are state-aligned actors targeting infrastructure, vendors, or trust relationships.

    PCI controls such as segmentation, monitoring, logging, and vendor management were designed for financial crime—but are now implicitly defending against geopolitical risk.

    Regulatory Convergence: PCI, DORA, NIS2, and Trade Policy

    Regulators are beginning to respond to this reality. Frameworks such as DORA (Digital Operational Resilience Act) and NIS2 in Europe explicitly address third-party dependency, operational resilience, and systemic risk—concepts that align closely with mercantile concerns about control and sovereignty.

    PCI DSS does not exist in isolation anymore. Organizations are increasingly expected to:

    • Demonstrate resilience, not just compliance
    • Understand where their technology comes from
    • Prove they can operate securely under disruption scenarios
    • Show that outsourcing does not mean outsourcing accountability

    Trade policy and cyber regulation are converging around the same principle: critical systems must remain trustworthy under stress.

    The Strategic Shift: From Cost Optimization to Control

    For years, global supply chains were optimized for cost and efficiency. The new environment prioritizes control, traceability, and political reliability. This has practical implications for PCI programs:

    • More scrutiny on hardware 
    • Increased emphasis on vendor exit strategies
    • Stronger requirements for inventory accuracy and asset tracking
    • Greater regulatory interest in concentration risk

    Security teams are being asked to solve problems that are no longer purely technical—they are geopolitical.

    Final Thought: PCI as a Strategic Discipline

    In a mercantile world, PCI compliance is no longer just about passing an audit or avoiding fines. It is part of a broader strategy to maintain trust, continuity, and control in an increasingly fragmented global system.

    Organizations that still treat PCI DSS as a checkbox exercise find themselves compliant—but operationally exposed. Those that integrate PCI, supply-chain governance, and cyber-resilience into a single risk framework will be better positioned for the next phase of global economic realignment.

    In today’s environment, payment security is no longer just about protecting card data—it is about protecting sovereignty, stability, and trust across borders.

  • My Visit to China January 2026 – First Post

    Portuguese Soldiers

    China, History, and the Shadows of Trade: A First Reflection

    During my recent trip to China, I was reminded how deeply history still shapes the way this country sees the world—and the West in particular. One episode kept resurfacing in conversations, museums, and context: the Opium Wars of the mid-19th century.

    What many of us in the West barely touch on in school is that China once sat at the center of global trade. For centuries, Europeans wanted Chinese goods—especially silk, tea, and porcelain—but China had little interest in European products. Trade was largely one-sided.

    Initially, China traded extensively with Japan, importing silver (then a core monetary metal) and exporting silk and other goods. Silver accumulated inside China and became the backbone of its economy. European powers—most notably Britain—soon entered the picture, buying Chinese goods and paying in silver as well.

    That’s when the problem emerged: a severe trade imbalance. Britain was hemorrhaging silver because China simply didn’t want British products. From Britain’s perspective, something had to change.

    The “solution” they chose was devastating.

    British traders began selling opium—grown mainly in British-controlled India—into China at artificially low prices. Despite Chinese bans, the trade exploded. The result was catastrophic: tens of millions of Chinese became addicted, draining families, weakening society, and destabilizing the economy.

    When the Chinese government finally moved to shut the trade down, Britain responded not with diplomacy—but with gunboats.

    Thus began the Opium Wars: two conflicts in the mid-19th century between China and European powers (primarily Britain, later joined by others). China lost both wars and was forced to sign humiliating treaties—opening ports, ceding Hong Kong, granting extraterritorial rights, and effectively surrendering sovereignty.

    Walking through China today, it becomes clear that this period is not ancient history here. It is remembered as the beginning of the “Century of Humiliation”—a trauma that still informs China’s politics, nationalism, and deep suspicion of foreign powers.

    This trip made me realize: to understand modern China, you can’t start with technology, manufacturing, or geopolitics.

    You have to start with history—and with wounds that never fully healed.

    More reflections to come.

    My impressions from a recent visit to China – first in a series