Data breach concept image with business icons andA survey of more than 3,700 IT security practitioners from more than a dozen major industry sectors found 54% of those firms surveyed had a security or data breach involving payment data, on average four times in past two years.​

The research, independently conducted by the Ponemon Institute on behalf of digital security firm Gemalto, also found that 55% of respondents did not know where all their payment data is stored or located and ownership for payment data security is not centralised, with 28% of respondents saying responsibility is with the chief information officer, 26% saying it is with the business unit, 19% with the compliance department, 15% with the CISO, and 14% with other departments.​

The report coincided with Visa Europe announcing that point-of sale spending has risen by 7.7% in the last year to €1.58 trillion, as part of its financial results.

According to the study, acceptance of new payment methods such as mobile, contactless and e-wallets will double over the next two years. While respondents say mobile payments account for just 9% of all payments today, in two years they expect this ratio to increase to 18% of all payments.

The study found that 72% of those surveyed believe these new payment methods are putting payment data at risk and 54% do not believe or are unsure their organization’s existing security protocols are capable of supporting these platforms.

Amongst respondents, 54% said that payment data security is not a top five security priority for their company, with only 31% feeling their company allocates enough resources to protecting payment data, 59% reporting their company permits third party access to payment data and of these only 34% utilise multi-factor authentication to secure access.

Just 44% said their companies use end-to-end encryption to protect payment data from the point of sale to when it is stored and/or sent to the financial institution.

The study comes a day after the British members of parliament working for the UK’s Treasury Select committee warned that poor progress in banking technology reform left the public “more exposed than necessary to the risk of bank failure.”

Reports Dan Barnes