January 27, 2016, updated 04 Apr 2017 3:59pm

Companies need to beef up payment data security practices: Gemalto

Organisations need to improve their payment data security practices as acceptance of mobile and other new forms of payments is expected to double in the next two years, according to a new survey report published by the Ponemon Institute on behalf of Gemalto.

By Verdict Staff

The survey, which involved 3,773 IT security practitioners, has shown a critical need for organizations to improve their payment data security practices.

According to the report, a majority (54%) of the surveyed IT staff said their companies had a data breach involving payment data, four times in the past two years on average.

The study on payment data security found that 55% of them did not know where all their payment data is stored or located.

The data revealed that ownership of payment data security is not centralized, with 28% of respondents saying responsibility is with the CIO, 26% saying it is with the business unit, 19% with the compliance department, 15% with the CISO, and 14% with other departments.

The report added that 54% of those surveyed said that payment data security is not a top five security priority for their company, with only one third (31%) feeling their company allocates enough resources to protecting payment data.

Nearly 59% of the respondents said their company permits third-party access to payment data, and of these, only 34% utilize multi-factor authentication to secure access.

The study found that less than half of respondents (44%) feel that their companies use end-to-end encryption to protect payment data from the point of sale to when it is stored and/or sent to the financial institution, while 74% of their companies are either not PCI DSS compliant or are only partially compliant.

Gemalto senior vice president for identity, data and software services Jean-Francois Schreiber said: "Given what was found with traditional payment methods and data security, companies involved with payment data must realize compliance is not enough and fully rethink their security practices, especially since a full one-third of those surveyed said compliance with PCI DSS is not sufficient for ensuring the security and integrity of payment data.

"The financial fallouts from data breaches, and the damages to corporate reputation and customer relationships will carry even greater potential risk as newer payment methods gain adoption.

"The majority of respondents felt protection of payment data wasn’t a top priority at their companies, and that the resources, technologies and personnel in place are insufficient. It is clearly critical for companies to look for and invest in solutions to close these data protection gaps, expeditiously," added Schreiber.
