Organisations need to improve their payment data security practices as acceptance of mobile and other new forms of payments expected to double in the next two years, according to a new survey report published by the Ponemon Institute on behalf of Gemalto.
The survey, which involved 3,773 IT security practitioners, has shown a critical need for organizations to improve their payment data security practices.
Go deeper with GlobalData
According to the report, majority (54%) of the surveyed IT staff said their companies had a data breach involving payment data, four times in past two years in average.
The study on payment data security found that 55% of them did not know where all their payment data is stored or located.
The data revealed that ownership for payment data security is not centralized with 28% of respondents saying responsibility is with the CIO, 26% saying it is with the business unit, 19% with the compliance department, 15% with the CISO, and 14% with other departments.
The report added that 54% of those surveyed said that payment data security is not a top five security priority for their company with only one third (31%) feeling their company allocates enough resources to protecting payment data.
US Tariffs are shifting - will you react or anticipate?
Don’t let policy changes catch you off guard. Stay proactive with real-time data and expert analysis.
By GlobalDataNearly 59% of the respondents said their company permits third party access to payment data and of these only 34% utilize multi-factor authentication to secure access.
The study found that less than half of respondents (44%) feel that their companies use end-to-end encryption to protect payment data from the point of sale to when it is stored and/or sent to the financial institution, while 74% of their companies are either not PCI DSS compliant or are only partially compliant.
Gemalto senior vice president for identity, data and software services Jean-Francois Schreiber said: "Given what was found with traditional payment methods and data security, companies involved with payment data must realize compliance is not enough and fully rethink their security practices, especially since a full one-third of those surveyed said compliance with PCI DSS is not sufficient for ensuring the security and integrity of payment data.
"The financial fallouts from data breaches, and the damages to corporate reputation and customer relationships will carry even greater potential risk as newer payment methods gain adoption.
"The majority of respondents felt protection of payment data wasn’t a top priority at their companies, and that the resources, technologies and personnel in place are insufficient. It is clearly critical for companies to look for and invest in solutions to close these data protection gaps, expeditiously," added Schreiber.
