According to the Payment Security Practices and Trends Survey commissioned by CyberSource and Trustwave, in partnership with the Merchant Risk Council (MRC), the need to protect the companies brand and revenue is the top driver for merchants when investing in payment security.
Payment security entails managing and securing payment data across an organization's full order lifecycle, from the point of payment acceptance, through fraud management, fulfillment, customer service, funding and financial reconciliation, and transaction record storage.
The presence of payment data at any of these points, whether on organization systems, networks or visible to staff, exposes the organization to risk. To protect information retailers have had to sign up to the Payment Card Industry data Security Standard (PCI DSS).
Fines can be imposed for non-compliance but the survey showed that more companies were more concerned about brand protection than the risk of penalties..
While much of the focus of security has been on preventing external hackers the survey indicated that companies see internal threats equal with those from outside.
A third, 33%, cited external threat as higher but 34% named employees as the most likely cause of problems with the remaining third putting both as likely to cause a breach.
The survey showed that ownership for the security in the majority of firms sat with the IT department 57% with the legal department owning the process at just 21% of firms, though where legal were responsible, the risk of fines featured higher on the list of drivers.
Looking forward, almost all the companies agreed that complexity and cost to manage payment security would grow.