COSTA MESA, Calif. (5/4/15)--With new payment systems comes more risk to consumer data, a new survey indicates. About 68% of payment-systems professionals say pressure to migrate to new payment systems puts customer data at greater risk instead of making it safer, according to a new survey by Experian and the Ponemon Institute.
While some respondents doubt the ability of “chip and PIN” to address the current security issues with card payments, they also believe their companies face new threats posed by continued innovation in payment technologies.
In fact, 59% of respondents expect data breach risk to increase through the use of mobile payments at the point of sale in stores, and 54% believe near-field communications technology will increase the risk of suffering a breach.
In addition to concerns over the ability to secure the next generation of payments technologies, there is also uncertainty about the ability of breached companies to properly manage a security response.
Throughout the industry, organizations continue to be deficient in governance and security practices that could strengthen their data breach preparedness. Only 16% of respondents feel companies are very effective in breach response, which suggests much room for improvement in responding to the aftermath of a major incident.
Sixty-nine percent of companies say media coverage of breaches, including those in the payments industry, over the past year caused their organizations to re-evaluate and prioritize security.
Along with improving security, companies also recognize their responsibility and the importance of both protecting their customers after an incident occurs and improving incident response planning. A majority of companies (61%) provide identity theft protection and fraud resolution services as a best practice. Another 56% are re-evaluating and improving incident response planning for a breach, leading to greater communication and guidance to affected customers.
CUNA continues to press lawmakers to pass legislation that would require merchants to meet the same strict payment data security standards required of financial institutions.