Skip to main content

Even After Breaches, Convenience Trumps Security In Payments

by Paul Roberts on Monday September 28, 2015

Contact Us
Free Demo

A survey by the Ponemon Institute and Experian suggests that consumer convenience is still the number one consideration driving technology adoption in the payments industry… even when it might adversely affect security.

Mega data breaches affecting companies in verticals like retail and healthcare have put the fear of god into payment vendors and their customers – moving data security to the top of the agenda.

Or at least that’s the common wisdom. The truth may be somewhat different, at least according to data from credit monitoring agency Experian and The Ponemon Institute. A survey conducted by the two firms found that customer convenience, not security, is still the consideration that drives investment in “innovative” technologies.

The study surveyed 748 professionals in information security, risk management, product development and related roles about the payments systems used within their organizations. Respondents came from across the payments ecosystem, including retailers, financial institutions, payment processors, credit card brands, regulators, consumers and other stakeholders, according to a report released by Ponemon.

The report tested IT pros’ feelings about emergent payment technologies – from BitCoin to NFC-based payments and e-wallet features. Most, the respondents agreed, would create security challenges and increase the likelihood of a breach. That’s a possibly worrying signal for vendors like Apple and Google who have staked a future on replacing the credit card.

But the survey also underscored industry biases that also work against efforts to improve the security of the payments system. Notably, a strong majority – 67 percent – agreed that “customer convenience in innovative payments systems is critical,” but those same respondents didn’t feel the same way about security. Just 24 percent said that the need for enhanced security in new payment methods outweighed the cost of its implementation. That kind of thinking is known to have prevailed at companies like Target, which experimented with secure “Chip and PIN” credit cards as early as 2001, before abandoning the experiment because of its perceived inconvenience for shoppers.

The Ponemon data, combined with statistics such as the 66 percent of those surveyed who agreed or strongly agreed that “authentication risks make it difficult to implement new payment methods” and the half of respondents who reported “minimal” or “no” collaboration with partners in the payment ecosystem to improve security, begins to give a sense of why it has been so hard for industries to embrace new payment technologies.

In fact, respondents to the survey were nonplussed about the risk that breaches may pose to the financial health of their companies. “Shareholder legal action and stock price declines following a data breach are not a concern,” the report concluded. Sixty six percent of respondents say legal action initiated by shareholders is only somewhat of a concern or no concern at all. Only 23 percent of respondents say their organization would be somewhat concerned and 35 percent of respondents say they are not concerned at all.

The big message of the Ponemon and Experian report may caution about our expectations for how much change will result from the last two years of mega data breaches. If anything, the report makes it clear that IT professionals who work in the payments ecosystem aren’t particularly hopeful about the industry doing an about face on security. Their pessimism may be a sign that the future for payments security isn’t as bright as some of us hoped.

Paul F. Roberts is the Editor in Chief of The Security Ledger.

Tags:  Data Breaches

Recommended Resources

The Definitive Guide to Data Loss Prevention
The Definitive Guide to Data Loss Prevention

All the essential information you need about DLP in one eBook.

6 Cybersecurity Thought Leaders on Data Protection
6 Cybersecurity Thought Leaders on Data Protection

Expert views on the challenges of today & tomorrow.

Digital Guardian Technical Overview
Digital Guardian Technical Overview

The details on our platform architecture, how it works, and your deployment options.