The Dismal Sate Of Payment Data Security

Uploaded on 2016-02-03 in BUSINESS-Services-Financial, FREE TO VIEW, NEWS-Cybersecurity News

With acceptance of mobile and other new forms of payments expected to double in the next two years, a new global study shows a critical need for organizations to improve their payment data security practices.

This is according to a recent survey of more than 3,700 IT security practitioners from more than a dozen major industry sectors conducted by the Ponemon Institute for Gemalto.

  • 54% of those surveyed said their company had a security or data breach involving payment data, four times in past two years in average.

This is not surprising given the security investments, practices and procedures highlighted by the surveyed respondents:

  •     55% said they did not know where all their payment data is stored or located.

Ownership for payment data security is not centralized with 28% of respondents saying responsibility is with the CIO, 26% saying it is with the business unit, 19% with the compliance department, 15% with the CISO, and 14% with other departments.

  • 54% said that payment data security is not a top five security priority for their company with only one third (31%) feeling their company allocates enough resources to protecting payment data.
  • 59% said their company permits third party access to payment data and of these only 34% utilize multi-factor authentication to secure access.
  • Less than half of respondents (44%) said their companies use end-to-end encryption to protect payment data from the point of sale to when it is stored and/or sent to the financial institution.
  •     74% said their companies are either not PCI DSS compliant or are only partially compliant.

“These independent research findings should be a wakeup call for business leaders,” said Jean-Francois Schreiber, Senior Vice President for Identity, Data and Software Services at Gemalto. “Given what was found with traditional payment methods and data security, companies involved with payment data must realize compliance is not enough and fully rethink their security practices, especially since a full one-third of those surveyed said compliance with PCI DSS is not sufficient for ensuring the security and integrity of payment data. The financial fallouts from data breaches, and the damages to corporate reputation and customer relationships will carry even greater potential risk as newer payment methods gain adoption,” added Schreiber.

New payment methods on the rise and so are security concerns

According to the study, acceptance of new payment methods such as mobile, contactless and e-wallets will double over the next two years. While respondents say mobile payments account for just 9% of all payments today, in two years they expect this ratio to increase to 18% of all payments.

Given the issues companies IT professionals reported to face in securing payment data accepted today through traditional methods, companies are likely to face even more difficulties in securing new payment methods.

In fact, the study found that nearly three quarters (72%) of those surveyed believe these new payment methods are putting payment data at risk and 54% do not believe or are unsure their organization’s existing security protocols are capable of supporting these platforms.

“Looking forward, as companies move to accept newer payment methods, their own confidence in their ability to protect that data is not strong. The majority of respondents felt protection of payment data wasn’t a top priority at their companies, and that the resources, technologies and personnel in place are insufficient.

Despite the trend to implement newer payment methods, those in the ‘IT security trenches’ don’t feel their organizations are ready. It is clearly critical for companies to look for and invest in solutions to close these data protection gaps, expeditiously,” concluded Schreiber.

Net Security: http://bit.ly/1nHDmgg

« Cyber and Reality Domains Converge As The US Targets ISIS Hackers
Europe’s Digital Watchdog Zeros In On US Tech »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Bricata

Bricata

Bricata offers industry-leading IPS solutions for enterprise-wide threat prevention and unparalleled situational awareness.

Untangle

Untangle

Untangle provides network security products designed specifically for the below-enterprise market, safeguarding businesses, home offices, nonprofits, schools and governmental organizations.

CyberSeek

CyberSeek

CyberSeek provides detailed, actionable data about supply and demand in the cybersecurity job market.

Digital Arts

Digital Arts

Digital Arts provides internet security software and appliance products for companies and individuals.

Invensity

Invensity

INVENSITY is an interdisciplinary technology and innovation consulting company. Centres of excellence include Cyber Security and Data Privacy.

iSolutions

iSolutions

iSolutions is an official reseller and engineering company of leading products and solutions for cybersecurity and information protection, optimization, visualization and control of applications

VariQ

VariQ

VariQ is a premier provider of Cybersecurity, Software Development and Cloud services to federal, state, and local government.

Phy-Cy.X Security Group

Phy-Cy.X Security Group

Phy-Cy.X specialize in the “Physics” of Information Security through both physical and cyber domains. We are not an IT company, we ARE an Information Security company.

Akito

Akito

Akito was set up to become a point of reference in the ICT market for issues related to Security and in particular Cyber Security.

Clear Skye

Clear Skye

Clear Skye, an Identity Access and Management (IAM) software company, reimagines enterprise identity access and risk management software to make a complicated problem easier to manage.

Valence Security

Valence Security

Valence manages and secures your Business Application Mesh by delivering visibility, reducing unauthorized access and preventing data loss.

Searchlight Cyber

Searchlight Cyber

Searchlight Cyber is a leading darknet intelligence company. Working with law enforcement, industry, and end users to help protect society against the threats of the darknet.

Accops Systems

Accops Systems

Accops enables secure and instant remote access to business applications from any device and network, ensuring compliant enterprise mobility.

Agile Defense

Agile Defense

Agile Defense is an Information Technology services provider, delivering leading-edge Digital Transformation solutions to the Federal Government.

ZAG Technical Services

ZAG Technical Services

ZAG Technical Services is an award-winning information technology consulting firm delivering digital transformation solutions, IT assessments, managed services, security, and support.

Assura

Assura

Assura provides innovative cybersecurity advisory and managed services to all industries including government, healthcare, financial, manufacturing, and transportation sectors.