The growth of mobile payment acceptance is driving adoption, but it is, at the same time, creating a data security vacuum in the back end, with most companies reportedly lagging behind in upgrading their security profiles, Gemalto research has found.
The research, which surveyed over 3,700 IT security practitioners from more than a dozen major industry sectors, found that while mobile payments are expected to double in the next two years, companies are becoming increasingly vulnerable to cyberattacks.
The numbers seem to back up the claim. Of those surveyed, over 54 percent reported that their company’s payment data had been breached about four times in the last two years, and yet payment data security was not among their company’s top five security concerns, according to the survey results.
“These independent research findings should be a wakeup call for business leaders,” said Jean-Francois Schreiber, SVP for identity, data and software services at Gemalto. “The financial fallouts from data breaches and the damages to corporate reputation and customer relationships will carry even greater potential risk as newer payment methods gain adoption.”
A lack of PCI DSS compliance emerged as one of the most basic problems in an industry plagued by repeated cyberattacks. In the survey, 74 percent of respondents reported that their company was not PCI DSS-compliant or was only partially compliant.
Some of the other problems included a lack of end-to-end encryption, with only 44 percent reporting that their company used it to protect payment data from the point of sale to when it was stored or sent to a financial institution.
“Given what was found with traditional payment methods and data security, companies involved with payment data must realize compliance is not enough and fully rethink their security practices, especially since a full one-third of those surveyed said compliance with PCI DSS is not sufficient for ensuring the security and integrity of payment data,” added Schreiber.