Enterprises Turn to EVM and Tokenization for Payment Data Protection: Study

By CIOReview | Friday, February 12, 2016

FREMONT, CA: To assess the current scenario in digital and cyber security, Ponemon Institute conducted a survey of 3,700 IT Security practitioners on behalf of Gemalto – a digital security and data encryption firm.

The survey was done in light of increasing acceptance of mobile and online payments. Though highly convenient, these methods open a gateway for cyber criminals to gain intelligence of critical information - especially payment data and in-voices.

The survey showed that 54 percent of the said practitioners admitted to having an average of four security breaches involving payment data over the last two years. Another 55 percent confessed that they had no information as to where their payment data is, revealing that even today, with security breaches at an alarmingly high rate, companies aren’t opting for a centralized approach to protecting their sensitive data.

"The biggest issues with securing payment data and other sensitive data is the lack of knowledge about how exactly to do it and the skills gap that exists within most companies. People don’t know how to encrypt data from when it’s captured to when it’s stored. This is compounded by a lack of a centralized approach to data security across companies," says Jason Hart, VP and CTO for Data Protection, Gemalto.

The lack of a centralized ownership for the payment data security can be observed from the response give by the subjects; with 28 percent saying that the responsibility lay with the CIO; another 26 percent saying it is with the business unit; 19 percent think it is with the compliance department; 15 percent with the CISO, and the remaining 14 percent with other departments. Around 44 percent divulged that their companies use end-to-end encryption to protect the payment data.

 “Payments will be increasingly protected by encrypted data on physical devices or chips thanks to the shift to EVM that took place last October, but fraudsters will just look to the next weakest link in the ecosystem," Hart continued. "These payments will be increasingly protected by tokenization, which we have been discussing for years, but now looks to become more and more influential."

With Earned Value Management (EVM) becoming more and more reliable, companies are opting to payment data protection by encrypted data on physical devices. To further enhance the security, companies are also resorting to tokenization.