Global study shows increasing security risk to payment data


While acceptance of mobile and other new forms of payment is expected to double within the next two years, a new study reveals that the eCommerce industry might not be fully ready for the boom, as proper security measures have not been implemented. The study shows that the risk to credit card and other payment methods is on the increase.

The study was conducted by the Ponemon Institute on behalf of Gemalto among more than 3700 security practitioners.

55 percent of respondents did not know where their data is stored, which was considered either a very high risk [by 42% of respondents] or a high risk [38%].




According to the independent study on Payment Data Security, more than half (54%) of those surveyed said their company was a victim of a security or data breach involving payment data four times in the past two years on average. However striking, this is not surprising given the security investments, practices and procedures reported by the surveyed respondents:

  • 55% said they did not know where all their payment data is stored or located.
  • In most cases the control of payment data security is not centralized. 28% of respondents say the responsibility lies with the CIO, 26% with the business unit, 19% with the compliance department, 15% with the CISO, and 14% with other departments.
  • 54% said that payment data security is not among their company's top five security priorities. Only a third (31%) feel their company allocates enough resources to protecting payment data.
  • 59% said their company permits third-party access to payment data, and of these only 34% use multi-factor authentication to secure access.
  • Less than half of respondents (44%) said their companies use end-to-end encryption to protect payment data from the point of sale to when it is stored and/or sent to the financial institution.
  • 74% said their companies are either not fully PCI DSS compliant or are only partially compliant.

Target risk mitigation

In line with our own targets and goals, and contrary to most businesses, GPN DATA offers well-structured and diversified risk prevention tools. Security starts with full PCI-DSS 3.1 compliance and continues through transaction limits, cardholder geo-location, transaction fingerprinting, black and white lists, as well as Ethoca and Verifi prevention tools. In business relations, security comes first.


About the author: John Rothermel

Senior copywriter for GPN DATA
