Innovation in payment technologies outruns the ability to prevent data breaches, according to a study by Experian Data Breach Resolution and Ponemon Institute.
As they respond to pressure to meet consumer expectations, companies expressed doubt regarding their ability to secure consumer data. Survey findings point to greater importance for consumers to take measures to protect themselves from identity theft.
The joint study asked professionals to weigh in on several topics, including who should be responsible for securing payment systems and how effective their organizations are in preparing for and responding to a payment card breach.
"Companies in the payments industry face a huge challenge keeping up with securing new technologies to protect customer data and with cybercriminals who are trying to penetrate card systems 24-7,” says Michael Bruemmer, vice-president, Experian Data Breach Resolution. “However, they are taking the right steps to shore up their defenses and prepare their incident response plans. Companies are concerned about the effect on consumers so it is encouraging to see a majority of respondents believe offering identity theft protection is a best practice in the event of a breach."
Multiple facets of payment risk
Study findings cover different aspects of the payment ecosystem, including:
• New technologies bring consumer convenience and increased security concerns. Most executives support implementation of EMV chip-and-PIN technology, with 59% indicating it is an important part of their organization's payment strategy. However, EMV may not be the security silver bullet payment professionals have been waiting for, the firms state, as barely more than half of respondents (53%) believe EMV cards will decrease the risk of a data breach.
Payments industry executives acknowledge the consumer convenience of new innovations, but are approaching new technology with caution. More than 50% of survey respondents believe the use of mobile payments systems increases the risk of suffering a data breach. More than half accept that risk (53%) and note that, for their company, customer convenience is more important than security.
Sixty-four percent of survey respondents believe it is more challenging to secure payment card information than other personally identifiable information.
• Pressure to act is increasing. Sixty-nine percent of survey respondents said media coverage of payment breaches over the past year caused their organizations to reevaluate and prioritize security.
Prioritizing breach prevention and response is gaining traction; 45% of survey respondents increased their security budgets. In addition, 41% hired more security staff, and 54% invested in new security technologies.
Companies are seeing increased attention from the C-suite, with 67% of survey respondents saying their executives are more supportive of enhanced security measures to protect payment information.
• While progress has been made, industry collaboration is lacking—Companies are investing in and taking steps to prevent future breaches included an increase in employee training (65% of survey respondents) and improving or putting a data breach response plan in place (56%).
Payment professionals recognize that individual breach preparedness is not enough and solving current and emerging security concerns can't be the job of a single entity. There is consensus on the need for cooperation, with 85% of survey respondents agreeing that industry collaboration is critical to achieving a high level of security in the emerging payment ecosystem.
And there is certainly room to grow, as the current level of industry collaboration is considered minimal (30% of respondents) to nonexistent (20%).
Download “Data Security In The Evolving Payments Ecosystem” [Registration required]