 |
| Source: Gemalto infographic. |
With mobile and other new forms of payments expected to double in the next two years, an independent global study shows a critical need for organisations to improve their payment data security practices. This is according to a recent survey* of more than 3,700 IT security practitioners from more than a dozen major industry sectors independently conducted by the Ponemon Institute on behalf of Gemalto, the digital security provider.
According to the study, over half (54%) of those surveyed said their company had experienced a security or data breach involving payment data four times in the past two years on average. This is not surprising given the security investments, practices and procedures highlighted by the surveyed respondents:
More than half (55%) said they did not know where all their payment data is stored or located.
Ownership for payment data security is not centralised with 28% of respondents saying responsibility is with the CIO, 26% saying it is with the business unit, 19% with the compliance department, 15% with the CISO, and 14% with other departments.
A similar proportion (54%) said that payment data security is not a top five security priority for their company, with only one third (31%) feeling their company allocates enough resources to protecting payment data.
Nearly six in 10 (59%) said their company permits third party access to payment data and of these only a third (34%) utilise multifactor authentication to secure access.
Less than half of respondents (44%) said their companies use end-to-end encryption to protect payment data from the point of sale to when it is stored and/or sent to the financial institution.
Almost three-quarters (74%) said their companies are either not Payment Card Industry Data Security Standard (PCI DSS) compliant or are only partially compliant.
Almost three-quarters (74%) said their companies are either not Payment Card Industry Data Security Standard (PCI DSS) compliant or are only partially compliant.
"These independent research findings should be a wakeup call for business leaders," said Jean-Francois Schreiber, Senior Vice President for Identity, Data and Software Services at Gemalto. "Given what was found with traditional payment methods and data security, companies involved with payment data must realise compliance is not enough and fully rethink their security practices, especially since a full one-third of those surveyed said compliance with PCI DSS is not sufficient for ensuring the security and integrity of payment data. The financial fallouts from data breaches, and the damages to corporate reputation and customer relationships will carry even greater potential risk as newer payment methods gain adoption," added Schreiber.
 |
| Source: Gemalto infographic. |
New payment methods are on the rise
According to the study, acceptance of new payment methods such as mobile, contactless and e-wallets will double over the next two years. While respondents say mobile payments account for just 9% of all payments today, they expect this ratio to increase to 18% of all payments in two years. Given the issues companies IT professionals report they face in securing payment data today, companies are likely to face even more challenges when securing new payment methods. The study found that nearly three quarters (72%) of those surveyed believe new payment methods are putting payment data at risk and 54% do not believe or are unsure if their organisation's existing security protocols are capable of supporting these platforms.
"Looking forward, as companies move to accept newer payment methods, their own confidence in their ability to protect that data is not strong. The majority of respondents felt protection of payment data wasn't a top priority at their companies, and that the resources, technologies and personnel in place are insufficient. Despite the trend to implement newer payment methods, those in the 'IT security trenches' don't feel their organisations are ready. It is clearly critical for companies to look for and invest in solutions to close these data protection gaps, expeditiously," said Schreiber.
Interested?
Watch the associated video: Secure the Breach – a Three Step Approach to Data Security
View the complete infographic: Global Payment Data Security Trends (PDF)
View the complete infographic: Global Payment Data Security Trends (PDF)
*The survey was conducted by the Ponemon Institute on behalf of Gemalto and surveyed 3,773 IT and IT security practitioners in the US, UK, Germany, France, Belgium, Netherlands, Japan, India, Russian Federation, the Middle East and South Africa. Industries represented include communications, entertainment & media, financial services, government, healthcare, hospitality, IT services, retail, technology, transportation, and utilities. All respondents are familiar and involved in their companies' approach to securing payment data. Most respondents are involved in setting priorities and selecting vendors and contractors in their companies' payment ecosystem.
No comments:
Post a Comment