Payment data threatened by lack of expertise

A study has revealed that 54 per cent of IT professionals are working for a company that has experienced a data security breach within the last two years.

Most affected companies saw an average of four data breaches within this period, in fact, and the results of the survey show that there is an immediate need for companies to overhaul the way they protect payment data.

The study, which was carried out by Gemalto, questioned more than 3,700 IT security professionals. 55 per cent of those who took part could not pinpoint where their payment data is located or stored. Responsibility for payment data security is also not consistent, with different companies assigning the responsibility to different individuals and departments.

This is a concern, considering that the way people pay for goods online and in shops is changing; for example, more and more companies are taking mobile payments.

More than half of the respondents said that the issue of payment data security is not high on their priority list, with 54 per cent stating that it is not among their top five priorities. Just under one-third of the survey participants (31 per cent) said their company is doing enough to protect payment data.

Issues from the survey that are causing concern include the fact that 59 per cent said that their company allows third parties to access the payment data. Less than half of companies (44 per cent) are using end-to-end encryption to protect the information, and nearly three-quarters of companies (74 per cent) are not fully PCI DSS compliant.