The Dismal Sate Of Payment Data Security

With acceptance of mobile and other new forms of payments expected to double in the next two years, a new global study shows a critical need for organizations to improve their payment data security practices.

This is according to a recent survey of more than 3,700 IT security practitioners from more than a dozen major industry sectors conducted by the Ponemon Institute for Gemalto.

  • 54% of those surveyed said their company had a security or data breach involving payment data, four times in past two years in average.

This is not surprising given the security investments, practices and procedures highlighted by the surveyed respondents:

  •     55% said they did not know where all their payment data is stored or located.

Ownership for payment data security is not centralized with 28% of respondents saying responsibility is with the CIO, 26% saying it is with the business unit, 19% with the compliance department, 15% with the CISO, and 14% with other departments.

  • 54% said that payment data security is not a top five security priority for their company with only one third (31%) feeling their company allocates enough resources to protecting payment data.
  • 59% said their company permits third party access to payment data and of these only 34% utilize multi-factor authentication to secure access.
  • Less than half of respondents (44%) said their companies use end-to-end encryption to protect payment data from the point of sale to when it is stored and/or sent to the financial institution.
  •     74% said their companies are either not PCI DSS compliant or are only partially compliant.

“These independent research findings should be a wakeup call for business leaders,” said Jean-Francois Schreiber, Senior Vice President for Identity, Data and Software Services at Gemalto. “Given what was found with traditional payment methods and data security, companies involved with payment data must realize compliance is not enough and fully rethink their security practices, especially since a full one-third of those surveyed said compliance with PCI DSS is not sufficient for ensuring the security and integrity of payment data. The financial fallouts from data breaches, and the damages to corporate reputation and customer relationships will carry even greater potential risk as newer payment methods gain adoption,” added Schreiber.

New payment methods on the rise and so are security concerns

According to the study, acceptance of new payment methods such as mobile, contactless and e-wallets will double over the next two years. While respondents say mobile payments account for just 9% of all payments today, in two years they expect this ratio to increase to 18% of all payments.

Given the issues companies IT professionals reported to face in securing payment data accepted today through traditional methods, companies are likely to face even more difficulties in securing new payment methods.

In fact, the study found that nearly three quarters (72%) of those surveyed believe these new payment methods are putting payment data at risk and 54% do not believe or are unsure their organization’s existing security protocols are capable of supporting these platforms.

“Looking forward, as companies move to accept newer payment methods, their own confidence in their ability to protect that data is not strong. The majority of respondents felt protection of payment data wasn’t a top priority at their companies, and that the resources, technologies and personnel in place are insufficient.

Despite the trend to implement newer payment methods, those in the ‘IT security trenches’ don’t feel their organizations are ready. It is clearly critical for companies to look for and invest in solutions to close these data protection gaps, expeditiously,” concluded Schreiber.

Net Security: http://bit.ly/1nHDmgg

« Cyber and Reality Domains Converge As The US Targets ISIS Hackers
Europe’s Digital Watchdog Zeros In On US Tech »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CERT-AM

CERT-AM

CERT-AM is the national Computer Emergency Response Team for Armenia.

TechVets

TechVets

TechVets is a non-for-profit helping UK veterans and service leavers retrain into Cyber Security and Technology jobs.

LUCY Security

LUCY Security

LUCY is the answer when you want to increase your IT security, maintain your cyber security awareness, or test your IT defenses.

SYSGO

SYSGO

SYSGO is the leading European provider of real-time operating systems for critical embedded applications in the Internet of Things (IoT).

Cyber Security Academy (CSA)

Cyber Security Academy (CSA)

The CSA aims to educate professionals who wish to contribute to strengthening the digital defensibility of states, organisations and individual citizens.

Splone

Splone

Splone is a Berlin-based IT security research team and consultancy. We help improve IT-security by offering red team assements, penetration tests, audits and customized consulting.

Cubro Network Visibility

Cubro Network Visibility

Cubro network visibility solutions remove network monitoring ‘blind spots’ to provide enhanced visibility and control of all data transiting a company’s network.

Dr Web

Dr Web

Since 1992 the Russian anti-virus Dr.Web has been helping companies to keep their digital assets protected and operate in a secure digital environment.

Cyber Security Authority (CSA) - Ghana

Cyber Security Authority (CSA) - Ghana

The Cyber Security Authority has been established to regulate cybersecurity activities in Ghana.

PhishFirewall

PhishFirewall

PhishFirewall is an advanced AI-driven CyberSecurity Awareness Education, Threat Emulation, and Human Security Analytics Platform.

Yogosha

Yogosha

Yogosha is a crowdsourced cybersecurity platform enabling a win-win collaboration with the most talented hackers to detect and fix vulnerabilities on your most critical systems.

ThreatFabric

ThreatFabric

ThreatFabric integrates industry-leading threat intel, behavioral analytics, advanced device fingerprinting and over 10.000 adaptive fraud indicators.

Cyber News Live (CNL)

Cyber News Live (CNL)

Cyber News Live provide vital information and raise awareness about all things 'cyber' to ensure you stay protected in the digital world.

DIGISOC

DIGISOC

DIGISOC, a leader in Latin America in Cybersecurity solutions, combines machine learning with human intelligence to be effective in detecting cyber threats.

Identifid

Identifid

Identifid offers a suite of fraud prevention and identity authentication solutions to businesses and governments using the latest advances in AI, vision processing, and biometric recognition.

Sage IT

Sage IT

Sage IT offer a wide range of professional and consulting services to help organizations overcome the challenges of today's ever-changing business environment.