The Dismal Sate Of Payment Data Security

With acceptance of mobile and other new forms of payments expected to double in the next two years, a new global study shows a critical need for organizations to improve their payment data security practices.

This is according to a recent survey of more than 3,700 IT security practitioners from more than a dozen major industry sectors conducted by the Ponemon Institute for Gemalto.

  • 54% of those surveyed said their company had a security or data breach involving payment data, four times in past two years in average.

This is not surprising given the security investments, practices and procedures highlighted by the surveyed respondents:

  •     55% said they did not know where all their payment data is stored or located.

Ownership for payment data security is not centralized with 28% of respondents saying responsibility is with the CIO, 26% saying it is with the business unit, 19% with the compliance department, 15% with the CISO, and 14% with other departments.

  • 54% said that payment data security is not a top five security priority for their company with only one third (31%) feeling their company allocates enough resources to protecting payment data.
  • 59% said their company permits third party access to payment data and of these only 34% utilize multi-factor authentication to secure access.
  • Less than half of respondents (44%) said their companies use end-to-end encryption to protect payment data from the point of sale to when it is stored and/or sent to the financial institution.
  •     74% said their companies are either not PCI DSS compliant or are only partially compliant.

“These independent research findings should be a wakeup call for business leaders,” said Jean-Francois Schreiber, Senior Vice President for Identity, Data and Software Services at Gemalto. “Given what was found with traditional payment methods and data security, companies involved with payment data must realize compliance is not enough and fully rethink their security practices, especially since a full one-third of those surveyed said compliance with PCI DSS is not sufficient for ensuring the security and integrity of payment data. The financial fallouts from data breaches, and the damages to corporate reputation and customer relationships will carry even greater potential risk as newer payment methods gain adoption,” added Schreiber.

New payment methods on the rise and so are security concerns

According to the study, acceptance of new payment methods such as mobile, contactless and e-wallets will double over the next two years. While respondents say mobile payments account for just 9% of all payments today, in two years they expect this ratio to increase to 18% of all payments.

Given the issues companies IT professionals reported to face in securing payment data accepted today through traditional methods, companies are likely to face even more difficulties in securing new payment methods.

In fact, the study found that nearly three quarters (72%) of those surveyed believe these new payment methods are putting payment data at risk and 54% do not believe or are unsure their organization’s existing security protocols are capable of supporting these platforms.

“Looking forward, as companies move to accept newer payment methods, their own confidence in their ability to protect that data is not strong. The majority of respondents felt protection of payment data wasn’t a top priority at their companies, and that the resources, technologies and personnel in place are insufficient.

Despite the trend to implement newer payment methods, those in the ‘IT security trenches’ don’t feel their organizations are ready. It is clearly critical for companies to look for and invest in solutions to close these data protection gaps, expeditiously,” concluded Schreiber.

Net Security: http://bit.ly/1nHDmgg

« Cyber and Reality Domains Converge As The US Targets ISIS Hackers
Europe’s Digital Watchdog Zeros In On US Tech »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Verisec International

Verisec International

Verisec International AB is a Swedish Tech company focused since inception in enabling Trust in Digital Transactions, through the development of proprietary cutting-edge technologies and services.

Fastpath Solutions

Fastpath Solutions

Fastpath deliver software solutions that enable you to take control of your security, compliance and risk management initiatives.

Haltdos

Haltdos

Haltdos is an AI driven website protection service that secures websites against today's cyber threats.

Optiv

Optiv

Optiv is a market-leading provider of end-to-end cyber security solutions. We help clients plan, build and run successful cyber security programs that achieve business objectives.

Xcina Consulting (XCL)

Xcina Consulting (XCL)

Xcina Consulting provides high quality business and technology risk assurance and advisory services.

Hornetsecurity

Hornetsecurity

Meet Hornetsecurity – Leading Cloud Email Security Provider. We protect global organizations so you can focus on what you do best.

Center for Analysis & Investigation of Cyber-Attacks (CAICA)

Center for Analysis & Investigation of Cyber-Attacks (CAICA)

The Center for Analysis & Investigation of Cyber-Attacks is one of the leading Kazakhstan organisations in the field of information and computer security.

Verodin

Verodin

Verodin is a business platform that provides organizations with the evidence needed to measure, manage and improve their cybersecurity effectiveness.

CNS Group

CNS Group

CNS Group provides industry leading cyber security though managed security services, penetration testing, consulting and compliance.

CyberMDX

CyberMDX

CyberMDX delivers proactive security built for hospital devices. 360° visibility, insight, and protection for all connected hospital technologies.

Measured Insurance

Measured Insurance

Measured Insurance are bridging the gap between technology and Insurance using AI-Powered analytics that track clients’ exposure in real time to create smarter insurance products.

SEIRIM

SEIRIM

SEIRIM delivers cybersecurity solutions in Shanghai China specializing in Web Application Security, Network Security for SME's, Vulnerability Management, and serving as Managed Security as a Service.

Zokyo

Zokyo

Zokyo is a venture studio that builds, secures, and funds legendary web3/crypto businesses.

Carahsoft Technology Corp

Carahsoft Technology Corp

Carahsoft Technology is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets.

Aliro Security

Aliro Security

AliroNet is the world’s first entanglement Advanced Secure Network solution.

Silicon Valley Cybersecurity Institute (SVCSI)

Silicon Valley Cybersecurity Institute (SVCSI)

SVCSI aims to investigate, develop, and promote technical excellence and the best security practices for dependable and secure systems and applications.