Security hasn't kept pace with technology and there is widespread concern that new payment technology such as virtual currencies, mobile payments and e-wallets increase a breach risk, according to a new study.
The survey, “Data Security in the Evolving Payments Ecosystem,” from Dublin, Ireland based-Experian and Traverse City, Mich.-based Ponemon Institute, used the responses of 748 U.S-based individuals in IT/IT security, risk management, product development and others involved in their organization's payments systems.
The study found that emerging payments technologies coming in the wake of 2014's mega retail breaches are threatening a landscape in which financial institutions, retailers, payment processors and credit card brands are facing more scrutiny than ever before.
“While risk and security concerns loom, large and new technologies are being deployed because they offer vastly improved customer convenience. Throughout our study, we found a large percentage of companies are likely to keep moving forward with deployment of new technologies despite concerns about security. More than half of respondents say customer convenience was a higher priority to their organization than security,” the study revealed.
Despite the perils, security hasn't kept pace with technology and, even with mitigation efforts including adoption of chip and pin payment cards, companies lack confidence in their current security measures. More than two-thirds of respondents (68%) said pressure to migrate to new payment systems puts customer data at risk.
Fifty-nine percent cited EMV chip and PIN cards as an important part of their organization's payment strategy. But, only 53% of respondents believed chip and PIN cards will decrease or significantly decrease the risk of a data breach.
Respondents believed their companies face new threats posed by continued innovation in payment technologies. In fact, 59% of respondents expected data breach risk to increase through the use of mobile payments at point of sale in stores, and 54% believed near field communications technology will increase the risk of suffering a breach. According to the study, the most likely innovations to increase the risk of a data breach are: Virtual currencies (65%), mobile payments in stores (59%), e-Wallets for retailers (58%), mobile payments on devices/apps (57%) and near field communications (54%).
In addition to concerns over the ability to secure the next generation of payments technologies, there was also uncertainty about the ability of breached companies to properly manage a security response. Throughout the industry, organizations continued to be deficient in governance and security.
With security threats increasing, the payments sector acknowledged the need to improve: only 16% felt companies were effective in breach response and 50% reported minimal to no industry collaboration amongst key stakeholders despite efforts from the National Retail Federation and The Retail Industry Leaders Association.
How did payment card companies respond to highly publicized data breaches? Sixty-nine percent said highly publicized data breaches did increase their awareness about securing their payment processes. In response to these well-publicized breaches, most respondents (56%) said one of the first steps their organization took was risk assessment of personal information in their systems, followed by investments in enabling technologies (53%) and allocating more money for security (45%).
The two stakeholders most responsible for ensuring the security of payments systems, according to the survey respondents, were financial institutions (45%) and credit card companies (40%). Only 21% said conventional or Internet retailers should be responsible for ensuring the security of payment systems. Respondents considered payment technology providers the least responsible.
While 67% of respondents said these high profile breaches made their organization's C-level executives more supportive of enhanced security measures over payments, 49% of respondents were unsure, disagreed or strongly disagreed that the security of electronic payments was a top priority issue for their organization.
The Identity Theft Resource Center reported that as of April 21, 256 data breach incidents took place in 2015 with more than 102 million records exposed. This represents a drop of approximately 4% in the number of breaches from last year's total for the same time period. The Business (39.5%) and Medical/Healthcare (345) sectors accounted for the majority of incidents with Banking/Credit/Financial next (10.2%).
Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.
Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking credit union news and analysis, on-site and via our newsletters and custom alerts
- Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
Roy Urrico
Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S Interior Department, National Park Service and Warren County (N.Y.).
