Bluefin P2PE partner Transaction Network Services (TNS) recently released Consumer Payment Card Data Security Perceptions, a report that addresses consumers’ payment security concerns as well as the role of the payments industry in a world where cybercriminals continue to innovate new schemes to target valuable credit card data.
“Our survey unveils high levels of concern about the security of payment card data and strong feelings among consumers that banks, retailers and other organizations involved in the payment card industry need to do more to protect their personal data,” stated Lisa Shipley, Executive Vice President and Managing Director of TNS’s Payment Network Solutions.
The report details findings from surveys conducted in the US, UK and Australia, where consumers were asked to agree or disagree with a series of statements. The surveys found that consumers:
- Have falling levels of trust in the security of payments made in-store
- Believe more needs to be done to protect personal card data
- Are concerned that the number of criminals targeting credit/debit card data is increasing
- Had their personal credit/debit card data used fraudulently
- Felt information had been put at risk by a data breach, regardless of whether they were subsequently the victim of fraud
Consumer Security Perceptions
Globally, 38% of respondents felt that their data had been put at risk – with U.S. adults showing the greatest concern at 46% – regardless of whether they had been victims of fraud or not. What is interesting is that, when compared to the results of the same question that was asked in 2015, it shows that fears have reduced in the last two years, with the exception of the UK.
UK adults aged 25 to 34 did not see a marked drop and instead gave virtually consistent ratings in both surveys – 43% believed their private credit/debit card data had been put at risk by a data breach in 2017 and 45% in 2015
However, the survey revealed that trust in the security of payments made in-store versus online or telephone payments has decreased.
In 2015, 57% of respondents felt their credit card data was more secure in-store than online or over the telephone. In 2017 this fell to 55%. The biggest drop was observed in the U.S. where just 49% of adults surveyed believed in-store payments to be more secure.
Payment Security – Where Does the Responsibility Lie?
TNS’s report included a new question in the 2017 survey, asking consumers for their insight on where they believe the responsibility lies in protecting their credit card data. Retailers, consumers believe, hold the ultimate responsibility. An overwhelming 62% hold the retailer responsible for protecting their credit card data when they make a purchase, instead of their bank or credit/debit card company.
Survey respondents voiced strong concerns about the future, with 85% stating that they believe the number of criminals trying to steal credit/debit card data is increasing, and 82% of respondents think that banks, retailers and organizations involved in the credit card industry need to do more for card security.
“While the payments industry has made significant advances in protection in recent years, criminals continue to find increasingly sophisticated ways to target valuable payment card data. One in five respondents in our survey confirmed their credit or debit card data had been used fraudulently in the last two years, so this highlights that we must continue to drive forward with new security measures.”
Consumers See Encryption as a Vital Data Protector
There are several technologies that protect sensitive cardholder data and provide an additional layer of protection for consumers. Encryption was believed by 74% of the respondents to be a secure way of protecting their personal data.
“We were one of the first pioneers of encryption in the payments environment many years ago and now have established relationships with Verifone, Ingenico and Bluefin Payment Systems. We have helped a number of large merchants implement this added layer of protection and expect to see more organizations add this to their strategic infrastructure over the coming months,” states Shipley.
The PCI Security Standards Council (SSC) also believes that encryption is key in keeping card data safe. There are many solution providers on the market with end-to-end encryption and non-validated P2PE products, but only those P2PE solutions listed on the PCI SSC website have been audited and approved by the Council as validated solutions.
Bluefin Payment Systems’ PCI-Validated P2PE encrypts cardholder data, preventing clear-text cardholder data from being present in a merchant or enterprise’s system or network where it could be accessible in the event of a data breach. Our validated P2PE technology is available through TNS to the company’s partners, gateways and merchants.
Conclusions from the Report
TNS finds that it is up to the payment industry to work collectively to deploy payment protection technologies while reassuring consumers that their data is safe.
“Consumers are placing their trust in the payments industry and looking to retailers, banks, acquirers, processors, card schemes, alternative payment providers and others to implement well-conceived security practices, processes and procedures. Innovation in security and the protection of sensitive payment card data is as essential as the creation of new payment technologies themselves.”
TNS’s Consumer Payment Card Data Security Perceptions report is available for download.