Organisations need to improve their payment data security practices as acceptance of mobile and other new forms of payments expected to double in the next two years, according to a new survey report published by the Ponemon Institute on behalf of Gemalto.

The survey, which involved 3,773 IT security practitioners, has shown a critical need for organizations to improve their payment data security practices.

Go deeper with GlobalData

Premium Insights

The gold standard of business intelligence.

Find out more

According to the report, majority (54%) of the surveyed IT staff said their companies had a data breach involving payment data, four times in past two years in average.

The study on payment data security found that 55% of them did not know where all their payment data is stored or located.

The data revealed that ownership for payment data security is not centralized with 28% of respondents saying responsibility is with the CIO, 26% saying it is with the business unit, 19% with the compliance department, 15% with the CISO, and 14% with other departments.

The report added that 54% of those surveyed said that payment data security is not a top five security priority for their company with only one third (31%) feeling their company allocates enough resources to protecting payment data.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

Nearly 59% of the respondents said their company permits third party access to payment data and of these only 34% utilize multi-factor authentication to secure access.

The study found that less than half of respondents (44%) feel that their companies use end-to-end encryption to protect payment data from the point of sale to when it is stored and/or sent to the financial institution, while 74% of their companies are either not PCI DSS compliant or are only partially compliant.

Gemalto senior vice president for identity, data and software services Jean-Francois Schreiber said: "Given what was found with traditional payment methods and data security, companies involved with payment data must realize compliance is not enough and fully rethink their security practices, especially since a full one-third of those surveyed said compliance with PCI DSS is not sufficient for ensuring the security and integrity of payment data.

"The financial fallouts from data breaches, and the damages to corporate reputation and customer relationships will carry even greater potential risk as newer payment methods gain adoption.

"The majority of respondents felt protection of payment data wasn’t a top priority at their companies, and that the resources, technologies and personnel in place are insufficient. It is clearly critical for companies to look for and invest in solutions to close these data protection gaps, expeditiously," added Schreiber.