The internet has dramatically changed the way people search and shop for things online, and continued technological advances have changed ecommerce. There are a lot of ways for people to shop online, but the biggest concern for many business owners and consumers is the security of these systems. A recent survey of IT security practitioners revealed that there is a lack of confidence in securing mobile transactions and increasing risks to payment data.
Most business owners are aware that security breaches happen, but many may not be aware of the scope of the problem. The global study of 3,700 I.T. security practitioners, conducted by the Ponemon Institute, found that the majority (54 percent) of the companies taking part had suffered a breach involving payment data an average of four times in the past two years.
There is clearly more that can be done to improve security. Despite the prevalence of security breaches, payment data security was not among the top five security concerns of the companies who had suffered more than four breaches in two years.
Part of the issue is related to the fact that many business owners and IT professionals don’t give a lot of consideration to how and where customer payment data is stored. According to the report, more than half (55 percent) of the IT security professionals surveyed admitted to not knowing where payment data is stored, or located. Over a quarter (28 percent) of respondents said responsibility is with the CIO and about the same amount (26 percent) saying it is with the business unit. About a fifth (19 percent) with the compliance department, 15 percent with the CISO, and 14 percent with other departments.
Securing payment information and customer data is going to become more challenging as mobile technology creates new avenues for ecommerce and payment. According to the study, ‘Global Study on the State of Payment Data Security‘, acceptance of new payment methods such as mobile, contactless and e-wallets will double over the next couple of years.
While mobile payments currently account for less than a tenth (9 percent) of all payments, according to respondents that is set to double, reaching 18 percent within two years. However, seven out of ten (72 percent) professionals surveyed believed these new payment methods are putting payment data at risk and 54 percent do not believe that, or are unsure of, their organisation’s existing security protocols are capable of supporting these platforms.
“Given what was found with traditional payment methods and data security, companies involved with payment data must realize compliance is not enough and fully rethink their security practices, especially since a full one-third of those surveyed said compliance with PCI DSS is not sufficient for ensuring the security and integrity of payment data,” says Jean-Francois Schreiber, Senior Vice President for Identity, Data and Software Services at Gemalto. “The financial fallouts from data breaches, and the damages to corporate reputation and customer relationships will carry even greater potential risk as newer payment methods gain adoption.”
There are a lot of things that business owners can do to improve the security of their ecommerce site and to give consumers more confidence in the system. One of the best things to do is to switch to an HTTPS site. This more advanced server setup is recognized by consumers as being more secure. And has been mentioned often in the past, Google is giving SEO boosts to sites that use HTTPS.
For more information related to cyber security, read this article on a recent announcement from Google about hacked websites.