Payment data security practices in ruins, study suggests

Businesses need to step up their mobile payment security practices, and fast, if they are to keep up with the demand, the latest survey conducted by the Ponemon Institute suggests.

Conducted on behalf of digital security firm Gemalto, the report says that more than half of organisations questioned (54 per cent) suffered a data breach involving payment data – four times in the past two years, on average.

To put things into perspective, the report surveyed more than 3,700 IT security practitioners from more than a dozen major industry sectors.

The survey showed some devastating results: 55 per cent of those questioned didn’t know where their payment data is stored. Ownership of payment data security is also unsettled – 28 per cent said the responsibility lies with the CIO, 26 per cent with the business unit, 19 per cent with the compliance department, 15 per cent with the CISO and 14 per cent with other departments.

Basically, it’s a masterful mess.

Only one third (31 per cent) believes their company is offering enough resources to keep the data safe, while 54 per cent said keeping this data safe is not even in the top five security priorities.

"These independent research findings should be a wakeup call for business leaders," said Jean-Francois Schreiber, Senior Vice President for Identity, Data and Software Services at Gemalto. "Given what was found with traditional payment methods and data security, companies involved with payment data must realize compliance is not enough and fully rethink their security practices, especially since a full one-third of those surveyed said compliance with PCI DSS is not sufficient for ensuring the security and integrity of payment data. The financial fallouts from data breaches, and the damages to corporate reputation and customer relationships will carry even greater potential risk as newer payment methods gain adoption," added Schreiber.

The full report can be found on this link.