In the wake of some of the largest data breaches in history, which were specifically payment card breaches, we thought it would be insightful to take a closer look at how companies are dealing with the aftermath.
We are proud to partner with the Ponemon Institute, a premier research think tank, to release the first industry study that closely examines payment technologies and the growing threat of data breaches.
The study, “Data Security in the Evolving Payments Ecosystem,” asked professionals to weigh in on several topics including who should be responsible for securing payment systems and how effective their organizations is in preparing for and responding to a payment card breach.
New technologies bring consumer convenience and increased security concerns
Executives are feeling the challenges of keeping up with the security of emerging systems. While most executives support implementation of EMV chip and PIN technology, for example, with 59 percent of survey respondents indicating it is an important part of their organization’s payment strategy, they do not feel it is the security silver bullet.
Barely more than half of respondents (53 percent) believe EMV cards will decrease the risk of a data breach.
However, companies are pressured to integrate new systems acknowledging consumer convenience and preferences. More than half accept that risk (53 percent) and noted that, for their company, customer convenience is more important than security.
Reality has set in
The recent high profile data breaches have had a profound effect on business and they now realize how devastating a breach can be on company reputation and loss of revenue.
In fact, a majority of survey respondents (69 percent) are most concerned about loss of customer loyalty after a data breach and fraudulent charges on customers’ payment cards (55 percent). In looking inward, they also do not feel their company is effective in responding to payment card breaches (35 percent).
On the right track
It seems not a day goes by without the media reporting on a data breach. This has had an effect as 69 percent of survey respondents said media coverage of payment breaches over the past year caused their organizations to re-evaluate and prioritize security.
It’s encouraging to see that this is leading to action; companies are seeing increased attention from the c-suite, with 67 percent of survey respondents saying their executives are more supportive of enhanced security measures to protect payment information. Furthermore, 45 percent of survey respondents increased their security budgets, and 41 percent hired more security staff.
Industry collaboration is lacking
While companies are doing more, they realize there is still even more to be done. Sixty-five percent of survey respondents said they are increasing employee training (65 percent) and improving or putting a data breach response plan in place (56 percent of survey respondents).
Payment professionals also recognize that solving current and emerging security concerns can’t be the job of a single entity. There is consensus on the need for cooperation, with 85 percent of survey respondents agreeing that industry collaboration is critical to achieving a high level of security in the emerging payment ecosystem.
And there is certainly room to grow, as the current level of industry collaboration is considered minimal (30 percent of respondents) to nonexistent (20 percent) by survey respondents.
The security outlook for all those organizations involved in the payment ecosystem is mixed. It will be challenging to constantly keep up the pace with new technologies and ward off cybercriminals 24-7, while satisfying consumers who value the benefits of emerging systems.
The best path forward for companies is to face the issue head on and prepare for the inevitable data breach and their incident response to mitigate the fallout.
To access the full report, Data Security in the Evolving Payments Ecosystem, visit Experian.com/databreach.