Data security in the payments ecosystem

Experian Data Breach Resolution and the Ponemon Institute asked professionals to weigh in on several topics including who should be responsible for securing payment systems and how effective their organizations is in preparing for and responding to a payment card breach.

“The mega payment card breaches last year put cybersecurity front and center for corporate America and consumers,” said Michael Bruemmer, vice president, Experian Data Breach Resolution. “Companies in the payments industry face a huge challenge keeping up with securing new technologies to protect customer data and with cybercriminals who are trying to penetrate card systems 24-7. However, they are taking the right steps to shore up their defenses and prepare their incident response plan. Companies are concerned about the effect on consumers so it is encouraging to see a majority of respondents believe offering identity theft protection is a best practice in the event of a breach.”

New technologies bring consumer convenience and increased security concerns:

• Most executives support implementation of EMV “chip and PIN” technology, with 59 percent of survey respondents indicating it is an important part of their organization’s payment strategy. However, EMV is not the security silver bullet payment professionals have been waiting for, as barely more than half of respondents (53 percent) believe EMV cards will decrease the risk of a data breach.
• Payments industry executives acknowledge the consumer convenience of new innovations, but are approaching new technology with caution. More than 50 percent of survey respondents believe the use of mobile payments systems increases the risk of suffering a data breach. More than half accept that risk (53 percent) and noted that, for their company, customer convenience is more important than security.
• Sixty-four percent of survey respondents believe it is more challenging to secure payment card information that other personally identifiable information.

Pressure to act is increasing:

• Sixty-nine percent of survey respondents said media coverage of payment breaches over the past year caused their organizations to re-evaluate and prioritize security.
• Prioritizing breach prevention and response is gaining traction; 45 percent of survey respondents increased their security budgets. In addition, 41 percent hired more security staff, and 54 percent invested in new security technologies.
• Companies are seeing increased attention from the c-suite, with 67 percent of survey respondents saying their executives are more supportive of enhanced security measures to protect payment information.

While progress has been made, industry collaboration is lacking:

• Companies are investing in and taking steps to prevent future breaches included an increase in employee training (65 percent of survey respondents) and improving or putting a data breach response plan in place (56 percent of survey respondents).
• Payment professionals recognize that individual breach preparedness is not enough and solving current and emerging security concerns can’t be the job of a single entity. There is consensus on the need for cooperation, with 85 percent of survey respondents agreeing that industry collaboration is critical to achieving a high level of security in the emerging payment ecosystem.
• And there is certainly room to grow, as the current level of industry collaboration is considered minimal (30 percent of respondents) to nonexistent (20 percent).