The State of Payment Data Security - Infographic

This infographic summarizes key findings of The Global Study on the State of Payment Data Security by Gemalto, which surveyed more than 3,700 IT and IT security practitioners worldwide to gauge how companies are securing payment data and the security risks that come as new mobile payment methods grow in acceptance.

KEY FINDINGS

MOST COMPANIES HAVE EXPERIENCED A DATA BREACH INVOLVING PAYMENT DATA

54% of respondents say their company has had a data breach involving payment data an average of four times in the past two years

NOT ALL COMPANIES KNOW WHERE PAYMENT DATA IS LOCATED

55% of companies do not know where all their payment data is stored

PAYMENT DATA HAS MANY POINTS OF VULNERABILITY TO SECURITY THREATS

42% said when it is stored
33% said when in transit between the company and financial institution or payment processor
25% said data at the point-of-sale

THE SECURITY OF PAYMENT DATA IS NOT ALWAYS A TOP PRIORITY

54% of companies do not put payment data security as a top five security priority
31% of companies say they allocate enough resources to the protection of payment data

MOBILE PAYMENTS WILL DOUBLE IN THE NEXT TWO YEARS

> 9% of all payments are mobile today
> 18% of all payments will be mobile in two years

HALF OF ALL COMPANIES HAVE PLANS TO ACCEPT MOBILE PAYMENTS

Today, 14% of companies accept mobile payments such as Apple Pay, Samsung Pay or other contactless payment methods, and 51% of companies have plans to accept mobile payments in the future.

NOT ALL COMPANIES ARE CONFIDENT IN THEIR ABILITY TO SECURE NEXT GENERATION PAYMENT METHODS

54% of companies do not believe, or are unsure, that their existing security protocols are capable of supporting these platforms.

TRENDS IN PAYMENT DATA SECURITY

TOP SECURITY TECHNOLOGIES USED TO PROTECT PAYMENT DATA

93% Firewalls
92% Anti-Virus / Anti-Malware
75% Intrusion detection and prevention (IDS/IPS)
46% Data Encryption
41% Private network connectivity
40% Multi-factor authentication
37% Threat Monitoring
31% SIEM
31% Data Loss Prevention
5% Other

Note: % of respondents who said they used these security technologies to protect payment data.

END-TO-END ENCRYPTION OF PAYMENT DATA

44% of companies use end-to-end encryption to protect payment data as it moves from the POS terminal and is transmitted to the financial institution.

Only 43% of companies use encryption or tokenization at the point of sale. 27% have plans to implement and 30% do not use it.

PCI DSS IS NOT SUFFICIENT FOR ENSURING THE SECURITY AND INTEGRITY OF PAYMENT DATA

> Only 17% of companies say PCI DSS compliance is essential.
> In fact, 74% of companies are not fully compliant or are only partially compliant

[Chart: PCI DSS compliance status (Fully Compliant, Partially Compliant, Not Fully Compliant); values shown: 26%, 38%, 36%]

MULTI-FACTOR AUTHENTICATION IS MAINLY USED FOR INTERNAL EMPLOYEES AND RARELY FOR THIRD PARTIES OR VENDORS

[Chart: Multi-factor authentication for vendors or third-parties and multi-factor authentication for internal employees (Yes / No); values shown: 66%, 55%, 45%, 34%]

OWNERSHIP OF PAYMENT DATA SECURITY IS NOT CENTRALIZED

When it came to saying who is most responsible for ensuring payment data is protected, surveyed IT professionals said the following:

28% CIO
26% Business Unit
19% Compliance
15% CISO
8% Risk Management
4% Legal
2% Internal Audit

GEMALTO.COM