Security & Compliance Trends in Innovative Electronic Payments

Security & Compliance Trends in Innovative Electronic Payments Independently conducted by Ponemon Institute LLC Publication Date: October 2014 Ponemon Institute Research Report

Security & Compliance Trends in Innovative Electronic Payments
Ponemon Institute, October 2014

Part 1. Introduction

New electronic payment systems and virtual currencies are expected to make paper currency the horse and buggy of the 21st century. Are organizations up to the challenge of ensuring security and privacy when businesses and consumers use these payment systems for purchasing items and transferring of funds?

Ponemon Institute is pleased to present the findings of Security & Compliance Trends in Innovative Electronic Payments, sponsored by HP Atalla. The purpose of this research is to examine perceptions about the security and privacy risks and solutions in the use of new electronic payments and virtual currencies.

According to the findings of this research, consumers are embracing the convenience of a variety of payment systems, including mobile payments, person-to-person payments and e-wallets. The new electronic payment methods most often supported today and planned for in the future are payments with a mobile device or phone number and stored value cards. Many organizations represented in this research are planning to support virtual currencies in the near future.

To ensure a knowledgeable participant, we surveyed 634 individuals in the United States who work primarily in IT operations, security and as part of their organization's electronic deployment team. These individuals are all familiar with and involved in their organizations' innovative electronic payments practices.

The findings reveal that while new payment models are evolving and growing in use, the same security fundamentals for maximum protection in the overall payment process are still needed. These include: one-time passwords or tokens, federated identity and authentication systems and multi-factor authentication. Further, organizations are expected to invest in near field communication (NFC) technologies and host card emulation (HCE) because they are considered critical to security. In fact, in September 2014 Apple also announced support for NFC-powered transactions as part of their Apple Pay program.

Topics in this research focus on the use of electronic payment systems, perceptions about the risk to organizations and trends in the adoption as well as support for virtual currency solutions. The electronic payment systems covered in this research are: alternative payment methods as point of sale, electronic payment methods as point of sale, electronic payment platforms, direct carrier or app billing and closed loop innovative electronic payments.

Key takeaways from this research:

- A key barrier to the adoption of innovative electronic payments is security. The biggest concern seems to be authentication risks with the use of virtual currencies. There is also the perception that the pressure to quickly migrate to the use of innovative electronic payments is making it difficult to address the security and privacy issues.
- Considered most critical to the security of innovative electronic payment methods are one-time passwords or tokens, federated identity and authentication systems and multi-factor authentication.
- There is major support for e-wallets, such as Google Wallet or Apple Pay. However, respondents are concerned about the increased risk in the security or integrity of such innovative electronic payments.
- The widespread adoption of virtual currencies is inevitable because both companies and consumers are willing to embrace their use. Forty-six percent of respondents believe virtual currencies will overtake paper currencies within the next five years.

- Banking institutions followed by credit card brands are seen as the most innovative in developing new approaches to the security and privacy of innovative electronic payments. The positive perception about banking and credit cards could be due to respondents in this study having a closer relationship with these institutions and greater visibility into their efforts to improve the customer experience.
- Companies are not rushing to adopt video teller machines as part of their future electronic payment strategy. The adoption of video teller machines is a long way off. Only 5 percent say they will have them within the next two years. Fifty percent say they have no plans to use them, possibly because these payment systems are not aligned with their electronic payment strategy.

In the following sections (Parts 2 to 4), we present the key findings of this study in detail. The complete audited findings are presented in the appendix of this report. The paper is organized according to the following themes:

- Perceptions about new electronic payment systems
- Trends in new approaches to the security and privacy of new electronic payments
- Growth in the use of innovative electronic payments

Part 2. Perceptions about new electronic payment systems

Authentication risks and pressure to use new methods of electronic payment systems are believed to jeopardize their security and integrity. According to Figure 1, 66 percent of respondents (31 percent + 35 percent) believe a problem in implementing new payment methods is the difficulty in authenticating users. Moreover, the pressure to migrate to these payment systems puts the security of transactions at risk, according to 63 percent of respondents (31 percent + 32 percent).

The majority of respondents believe new standards--not regulations--are needed to ensure the security and integrity of virtual currencies. As shown below, 59 percent say existing standards are not sufficient for ensuring the security and integrity of innovative electronic payments and 46 percent say the security of innovative electronic payments is a top priority for their organization.

Figure 1. Perceptions about new electronic payment systems
Strongly agree and agree response combined

Authentication risks make it difficult to implement innovative electronic payment systems: Strongly agree 31%, Agree 35%
The pressure to migrate to innovative electronic payment systems puts the security of transactions at risk: Strongly agree 31%, Agree 32%
Virtual currencies such as Bitcoin are an important part of our organization's electronic payment strategy: Strongly agree 26%, Agree 34%
Existing standards are not sufficient for ensuring the security and integrity of innovative electronic payments: Strongly agree 30%, Agree 29%
The security of innovative electronic payments is a top priority issue for my organization: Strongly agree 23%, Agree 23%
New regulations are needed to ensure the security and integrity of innovative electronic payments: Strongly agree 12%, Agree 19%

Privacy concerns will not deter consumers from using new types of electronic payments. Only 38 percent of respondents (19 percent + 19 percent) say consumers will be reluctant to use these payment methods because of privacy concerns, as shown in Figure 2. However, 50 percent of respondents say the protection of consumer's privacy rights is difficult to achieve in the electronic payment environment.

Figure 2. Privacy concerns with new electronic payment systems

The protection of consumer's privacy rights is difficult to achieve in the electronic payment environment: Strongly agree 21%, Agree 29%
Consumers are reluctant to use innovative electronic payments because of privacy concerns: Strongly agree 19%, Agree 19%

Organizations limit the use and collection of unique identification data to protect customer's privacy. Figure 3 reveals that 72 percent of respondents say they limit the use of unique identification data when identifying and authenticating users followed by 69 percent who say they require the e-wallet provider to disclose how all personal information is used, shared and retained and 68 percent say they limit the number of unique identification data collected.

Figure 3. How organizations protect the customers' unique identification data
More than one response permitted

Limit the use of unique identification data to identify and authenticate only: 72%
Require the e-wallet provider to disclose how all personal information is used, shared and retained: 69%
Limit the number of unique identification data collected: 68%
Grant the e-wallet user with the ability to delete all identification data after terminating services: 66%
Encrypt, tokenize or mask data before use: 52%
Restrict the sharing of unique identification data with third parties: 24%
Other: 2%

Payments with a mobile device or phone number are most popular. According to Figure 4, 75 percent of respondents say their organizations plan on supporting payments with a mobile device or phone number followed by stored value cards. Once again we see support for virtual currencies. Forty-three percent of respondents say e-currencies will be part of their organizations' payment strategy.

Figure 4. New electronic methods supported today and in the future
More than one choice permitted

Payments with a mobile device or phone number: 75%
Stored value cards: 59%
e-currency (Bitcoin): 43%
Bar codes: 39%
Other: 1%

What electronic payment systems are most often used? According to respondents and shown in Figure 5, the highest full and partial deployment is for electronic payment platforms (65 percent of respondents) followed by closed loop innovative electronic payments (58 percent) and direct carrier or app billing (56 percent).

Only 17 percent have fully deployed alternative payment methods for point of sale followed by electronic payment methods for point of sale (also 17 percent). In addition, these payment systems are not expected to grow as much as others in this research. Thirty-four percent of respondents say their organizations have no plans to deploy alternative payment methods for point of sale and electronic payment methods as point of sale.

Figure 5. The state of electronic payment system deployment

Alternative payment methods as point of sale: Fully deployed 17%, Partially deployed 23%, Planning to deploy 26%, Not planning to deploy 34%
Electronic payment methods as point of sale: Fully deployed 17%, Partially deployed 23%, Planning to deploy 26%, Not planning to deploy 34%
Electronic payment platform: Fully deployed 40%, Partially deployed 25%, Planning to deploy 32%, Not planning to deploy 3%
Closed loop innovative electronic payments: Fully deployed 33%, Partially deployed 25%, Planning to deploy 24%, Not planning to deploy 18%
Direct carrier or app billing: Fully deployed 30%, Partially deployed 26%, Planning to deploy 24%, Not planning to deploy 20%

Alternative payment methods as point of sale and electronic payment methods as point of sale are most risky to organizations. Respondents were asked to compare the risks of electronic payment systems to conventional payment systems such as credit card, check or cash. The findings reveal that the most risky are alternative payment methods as point of sale and electronic payment methods as point of sale. This can explain why deployment of these payment systems is the lowest and why stronger security methods are needed.

Figure 6. Rating the risks of electronic payments
Extrapolated average, 1 = least risk to 10 = most risk

Alternative payment methods as point of sale: 7.68
Electronic payment methods as point of sale: 7.60
Electronic payment platform: 7.18
Closed loop innovative electronic payments: 6.58
Direct carrier or app billing: 6.54

Part 3. Trends in new approaches to the security and privacy of new electronic payments

New payment models are evolving, but the same security fundamentals for maximum protection in the overall payment process are still needed. The most critical are one-time passwords or tokens, federated identity and authentication systems and multi-factor authentication, according to Figure 7.

Figure 7. Security approaches considered essential or most important
Essential and very important response combined

One time passwords or tokens: Essential 33%, Very important 42%
Federated identity and authentication systems: Essential 35%, Very important 36%
Multi-factor authentication: Essential 26%, Very important 30%
Remaining approaches shown: Expanded use of encryption or tokenization in electronic devices; Behavioral profiling tools; Expanded use of encryption or tokenization in point of sale (POS) systems; Electronic device management (MDM) solutions. Bar values for these four, in no particular order: 21%, 19%, 20%, 21%, 23%, 23%, 21%, 16%.

Figure 8 shows the average use of the various security approaches for the payment methods covered in this research. While one time passwords or tokens and federated identity and authentication systems are considered essential or very important, on average only 48 percent of respondents say their organizations use one time passwords or tokens and an average of 42 percent say their organizations use federated identity and authentication systems.

Figure 8. Security approaches most often used to safeguard electronic systems

Multi-factor authentication: 55%
Expanded use of encryption or tokenization in electronic devices: 54%
Expanded use of encryption or tokenization in point of sale (POS) systems: 49%
One time passwords or tokens: 48%
Federated identity and authentication systems: 42%
Electronic device management (MDM) solutions: 34%
Endpoint security solutions: 31%

Financial institutions and credit card companies are the innovators. According to Figure 9, financial institutions are considered number 1 in creating new approaches to the security and privacy of innovative electronic payments followed by credit card companies. These organizations are closer to the consumer experience with electronic payment systems and might have a greater incentive to innovate and improve security and privacy.

Figure 9. Most innovative in the security and privacy of electronic payments
1 = least innovative to 6 = most innovative

Financial institutions: 5.44
Credit card brands: 4.88
New entrants to the field: 4.23
E-Tailers or ecommerce brands: 3.04
Technology companies: 2.16
Conventional retailers or store brands: 1.50

Near field communication (NFC) technologies and host card emulation (HCE) are strategically important. NFC and HCE increase the security of new electronic payments, according to 55 percent and 57 percent of respondents respectively. They are also essential or very important to the organization's security strategy, according to 71 percent of respondents (NFC) and 68 percent of respondents (HCE), respectively (see Figure 10).

NFC is a set of standards for smartphones and other mobile devices to establish radio communication. NFC devices can be used in contactless payment systems such as mobile payments. HCE enables the following: merchants to offer payment cards solutions more easily through mobile, closed-loop contactless payment solutions, real time distribution of payment cards and allows for an easy deployment scenario that does not require merchants to change the software inside the terminal.

Figure 10. Strategic importance of NFC and HCE
Essential & very important, significant increase & increase responses combined

Near field communication (NFC) technologies: Essential & very important 71%, Significant increase & increase 55%
Host card emulation (HCE): Essential & very important 68%, Significant increase & increase 57%

Part 4. Growth in the use of innovative electronic payments

Despite security risks, virtual currencies are expected to overtake paper currencies in the future. As shown in Figure 11, 46 percent of respondents believe virtual currencies will be commonly used within the next 5 years. Thirty-four percent of respondents say they already support or will support within a year a virtual currency payment system.

Figure 11. Will virtual currencies overtake paper currencies in the future?

Yes, within the next 2 years: 11%
Yes, within the next 5 years: 35%
Yes, within the next 10 years: 26%
Yes, more than 10 years from now: 8%
Never: 20%

E-wallets are among the most popular of new electronic payment systems. As shown in Figure 10, 57 percent believe their organization will adopt e-wallet services within the next five years as proof that the acceptance of e-wallet services is critical to their innovative electronic payments strategy, despite security risks. To protect the customers' unique identification data when used to authenticate users, 69 percent of respondents say their organization requires the e-wallet provider to disclose how personal information is used, shared and retained. Sixty-six percent also say they will grant the e-wallet user the ability to delete all identification data after terminating their use.

Figure 10. Will your organization adopt e-wallets?

Response categories: Yes, within the next 2 years; Yes, within the next 5 years; Yes, within the next 10 years; Yes, more than 10 years from now; No plan to deploy. Bar values, in no particular order: 33%, 24%, 23%, 11%, 9%.

Companies are not rushing to adopt video teller machines as part of their future electronic payment strategy. According to Figure 11, the adoption of video teller machines is a long way off. Only 5 percent say they will have them within the next two years. Fifty percent say they have no plans to use them, possibly because these payment systems are not aligned with their electronic payment strategy.

Figure 11. Will your organization adopt video teller machines?

Yes, within the next 2 years: 5%
No plan to deploy: 50%
The three remaining categories (Yes, within the next 5 years; Yes, within the next 10 years; Yes, more than 10 years from now) account for 12%, 15% and 18%.

Summary: New payment models - same security fundamentals

In summary, electronic trends in the payments world are moving at a very fast pace. Merchants are going to need to invest in infrastructure for both NFC (near field communication) and EMV (Europay, MasterCard and Visa) changes to be competitive. Cryptography, Key Management, HSMs (hardware security modules), interoperability, industry rules and standards all continue to play a huge and growing role in delivering "secure" innovative electronic payment offerings and new payment capabilities.

Implementation of HSMs is still required for maximum protection in the overall payment process that involves Merchants, Acquiring banks, Regional or National Switch, and Issuing banks. HSM solutions are still at the "heart" of ensuring the highest level of data protection is available for payment systems. HSMs are the secure, gold-standard appliances that ultimately protect the encryption keys.

Part 5. Methods

A sampling frame of 18,995 individuals from the United States who work primarily in IT operations, security and as part of their organization's electronic deployment team were selected as participants to this survey. All participants are familiar with and involved in their organizations' innovative electronic payments practices. As shown in the following table, 703 respondents completed the survey. Screening removed 69 surveys. The final sample was 634 surveys (or a 3.3 percent response rate).

Table 1. Sample response (Freq)

Sampling frame: 18,995 (100.0%)
Total returns: 703 (3.7%)
Rejected or screened surveys: 69 (0.4%)
Final sample: 634 (3.3%)

Pie Chart 1 reports the organizational level for survey participants. By design, 57 percent of respondents are at or above the supervisory level.

Pie Chart 1. Organizational level for current position

Categories: Senior Executive; Vice President; Director; Manager; Supervisor; Associate/Staff; Technician; Other. Segment values, in no particular order: 3%, 2%, 2%, 35%, 15%, 20%, 5%, 18%.

As shown in Pie Chart 2, 27 percent of respondents defined their function or department as IT operations, 19 percent responded IT security and 16 percent responded applications development.

Pie Chart 2. The department or function that best defines your role

IT operations: 27%
IT security: 19%
Applications development: 16%
Remaining categories: Electronic deployment team; IT compliance; Research & development; Administration; Other. Segment values for these, in no particular order: 11%, 15%, 5%, 4%, 3%.

According to Pie Chart 3, almost half of the respondents (48 percent) are from organizations with a global headcount of over 1,000 employees.

Pie Chart 3. Global headcount

Categories: Less than 250; 250 to 500; 501 to 1,000; 1,001 to 5,000; 5,001 to 25,000; 25,001 to 75,000; More than 75,000. Segment values, in no particular order: 6%, 16%, 15%, 11%, 20%, 16%, 16%.

Pie Chart 4 reports the industry focus of respondents' organizations. This chart identifies financial services (18 percent) as the largest segment, followed by health and pharmaceuticals (12 percent), industrial (10 percent) and public sector (10 percent).

Pie Chart 4. Industry distribution of respondents' organizations

Financial services: 18%
Health & pharmaceuticals: 12%
Industrial: 10%
Public sector: 10%
Remaining categories: Retail; Services; Technology & software; Consumer products; Utilities & energy; Communications; Hospitality; Transportation; Entertainment & media; Agriculture & food services. Segment values for these, in no particular order: 9%, 8%, 7%, 6%, 6%, 4%, 4%, 3%, 2%, 1%.

Part 6. Caveats

There are inherent limitations to survey research that need to be carefully considered before drawing inferences from findings. The following items are specific limitations that are germane to most web-based surveys.

- Non-response bias: The current findings are based on a sample of survey returns. We sent surveys to a representative sample of individuals, resulting in a large number of usable returned responses. Despite non-response tests, it is always possible that individuals who did not participate are substantially different in terms of underlying beliefs from those who completed the instrument.
- Sampling frame bias: The accuracy is based on contact information and the degree to which the list is representative of individuals who work in IT operations and security in the United States. We also acknowledge that the results may be biased by external events such as media coverage. We also acknowledge bias caused by compensating subjects to complete this research within a specified time period.
- Self-reported results: The quality of survey research is based on the integrity of confidential responses received from subjects. While certain checks and balances can be incorporated into the survey process, there is always the possibility that a subject did not provide accurate responses.

Appendix: Detailed Survey Results

The following tables provide the frequency or percentage frequency of responses to all survey questions contained in this study. All survey responses were captured in September 2014.

Sample response (Freq)
Total sample frame: 18,995 (100.0%)
Total returns: 703 (3.7%)
Screened & rejected surveys: 69 (0.4%)
Final sample: 634 (3.3%)

Part 1. Attributions

Please rate the following statements using the scale provided below each item. Strongly agree & Agree.

Q1. The security of innovative electronic payments is a top priority issue for my organization. Strongly agree 23%, Agree 23%
Q2. The benefits of innovative electronic payments to my organization outweighs the cost of implementation. Strongly agree 17%, Agree 21%
Q3. New regulations are needed to ensure the security and integrity of innovative electronic payments. Strongly agree 12%, Agree 19%
Q4. The protection of consumer's privacy rights is difficult to achieve in the electronic payment environment. Strongly agree 21%, Agree 29%
Q5. Authentication risks make it difficult to implement innovative electronic payment systems. Strongly agree 31%, Agree 35%
Q6. Existing standards are not sufficient for ensuring the security and integrity of innovative electronic payments. Strongly agree 30%, Agree 29%
Q7. The pressure to migrate to innovative electronic payment systems puts the security of transactions at risk. Strongly agree 31%, Agree 32%
Q8. Consumers are reluctant to use innovative electronic payments because of privacy concerns. Strongly agree 19%, Agree 19%
Q9. Virtual currencies such as Bitcoin are an important part of our organization's electronic payment strategy. Strongly agree 26%, Agree 34%

Part 2. Electronic payment systems

Alternative payment methods as point of sale

Q10a. How familiar are you with alternative payment methods at the point of sale?
Very familiar: 23%
Familiar: 30%
Somewhat familiar: 25%
Not familiar (skip to the next category): 22%

Q10b. Is your organization using any of these alternative payment methods at the point of sale?
Fully deployed: 17%
Partially deployed: 23%
Planning to deploy: 26%
Not planning to deploy: 34%

Q10c. If fully or partially deployed, what steps is your organization taking to secure these transactions? Please select all that apply.
One time passwords or tokens: 44%
Federated identity and authentication systems: 43%
Expanded use of encryption or tokenization in electronic devices: 50%
Expanded use of encryption or tokenization in point of sale (POS) systems: 47%
Expanded use of biometrics: 19%
Virtual private network (VPN) or gateway security tools: 13%
Multi-factor authentication: 56%
Endpoint security solutions: 31%
Electronic device management (MDM) solutions: 33%
SIEM and network intelligence systems: 28%
Continuous monitoring tools: 12%
Behavioral profiling tools: 25%
Big data analytical tools: 20%
Other (please specify): 3%
Total: 424%

Q10d. Compared to conventional payment systems such as credit card, check or cash, how do you rate the security risks of this type of payment to your organization? Please use the following 10-point scale.
1 or 2: 5%
3 or 4: 8%
5 or 6: 15%
7 or 8: 17%
9 or 10: 55%
Extrapolated value: 7.68

Q10e. Compared to conventional payment systems such as credit card or cash, how do you rate the security risks of this type of payment to your customers/consumers? Please use the following 10-point scale.
1 or 2: 8%
3 or 4: 14%
5 or 6: 36%
7 or 8: 18%
9 or 10: 24%
Extrapolated value: 6.22

Electronic payment methods as point of sale

Q11a. How familiar are you with this method of innovative electronic payments as the point of sale?
Very familiar: 31%
Familiar: 22%
Somewhat familiar: 29%
Not familiar (skip to the next category): 18%

Q11b. What types of alternative innovative electronic payment methods do you support or plan on supporting? Please check all that apply.
Payments with a mobile device or phone number 75%
Stored value cards 59%
Bar codes 39%
e-currency (Bitcoin) 43%
Other (please specify) 1%
Total 217%

Q11c. Is your organization using this method of electronic payment as the point of sale?
Fully deployed 17%
Partially deployed 23%
Planning to deploy 26%
Not planning to deploy 34%

Q11d. If fully or partially deployed, what steps is your organization taking to secure these transactions? Please select all that apply.
One time passwords or tokens 54%
Federated identity and authentication systems 33%
Expanded use of encryption or tokenization in electronic devices 48%
Expanded use of encryption or tokenization in point of sale (POS) systems 44%
Expanded use of biometrics 26%
Virtual private network (VPN) or gateway security tools 21%
Multi-factor authentication 50%
Endpoint security solutions 29%
Electronic device management (MDM) solutions 38%
SIEM and network intelligence systems 28%
Continuous monitoring tools 11%
Behavioral profiling tools 26%
Big data analytical tools 23%
Other (please specify) 1%
Total 431%

Q11e. Compared to conventional payment systems such as credit card or cash, how do you rate the security risks of this method of innovative electronic payment to your organization? Please use the following 10-point scale.
1 or 2 6%
3 or 4 8%
5 or 6 13%
7 or 8 21%
9 or 10 52%
Extrapolated value 7.60

Q11f. Compared to conventional payment systems such as credit card or cash, how do you rate the security risks of this method of innovative electronic payment to your customers/consumers? Please use the following 10-point scale.
1 or 2 4%
3 or 4 15%
5 or 6 18%
7 or 8 18%
9 or 10 45%
Extrapolated value 7.20

Electronic payment platform

Q12a. How familiar are you with this type of electronic payment?
Very familiar 33%
Familiar 33%
Somewhat familiar 28%
Not familiar (skip to the next category) 6%

Q12b. Is your organization using this type of electronic payment?
Fully deployed 40%
Partially deployed 25%
Planning to deploy 32%
Not planning to deploy 3%

Q12c. If fully or partially deployed, what steps is your organization taking to secure these transactions? Please select all that apply.
One time passwords or tokens 45%
Federated identity and authentication systems 40%
Expanded use of encryption or tokenization in electronic devices 57%
Expanded use of encryption or tokenization in point of sale (POS) systems 65%
Expanded use of biometrics 41%
Virtual private network (VPN) or gateway security tools 22%
Multi-factor authentication 58%
Endpoint security solutions 34%
Electronic device management (MDM) solutions 34%
SIEM and network intelligence systems 32%
Continuous monitoring tools 9%
Behavioral profiling tools 26%
Big data analytical tools 21%
Other (please specify) 2%
Total 486%

Q12d. Compared to conventional payment systems such as credit card or cash, how do you rate the security risks of this type of innovative electronic payment to your organization? Please use the following 10-point scale.
1 or 2 8%
3 or 4 8%
5 or 6 16%
7 or 8 28%
9 or 10 40%
Extrapolated value 7.18

Q12e. Compared to conventional payment systems such as credit card or cash, how do you rate the security risks of this type of innovative electronic payment to your customers/consumers? Please use the following 10-point scale.
1 or 2 16%
3 or 4 18%
5 or 6 46%
7 or 8 10%
9 or 10 10%
Extrapolated value 5.10

Direct carrier or app billing.

Q13a. How familiar are you with this type of electronic payment?
Very familiar 19%
Familiar 30%
Somewhat familiar 22%
Not familiar (skip to the next category) 29%

Q13b. Is your organization using this type of electronic payment?
Fully deployed 30%
Partially deployed 26%
Planning to deploy 24%
Not planning to deploy 20%

Q13c. If fully or partially deployed, what steps is your organization taking to secure these transactions? Please select all that apply.
One time passwords or tokens 44%
Federated identity and authentication systems 43%
Expanded use of encryption or tokenization in electronic devices 56%
Expanded use of encryption or tokenization in point of sale (POS) systems 47%
Expanded use of biometrics 19%
Virtual private network (VPN) or gateway security tools 13%
Multi-factor authentication 56%
Endpoint security solutions 31%
Electronic device management (MDM) solutions 33%
SIEM and network intelligence systems 28%
Continuous monitoring tools 12%
Behavioral profiling tools 25%
Big data analytical tools 20%
Other (please specify) 3%
Total 430%

Q13d. Compared to conventional payment systems such as credit card or cash, how do you rate the security risks of this type of innovative electronic payment to your organization? Please use the following 10-point scale.
1 or 2 10%
3 or 4 11%
5 or 6 19%
7 or 8 37%
9 or 10 23%
Extrapolated value 6.54

Q13e. Compared to conventional payment systems such as credit card or cash, how do you rate the security risks of this type of electronic payment to your customers/consumers? Please use the following 10-point scale.
1 or 2 20%
3 or 4 18%
5 or 6 35%
7 or 8 17%
9 or 10 10%
Extrapolated value 5.08

Closed loop innovative electronic payments

Q14a. How familiar are you with this type of electronic payment?
Very familiar 20%
Familiar 32%
Somewhat familiar 25%
Not familiar (skip to the next category) 23%

Q14b. Is your organization using this type of electronic payment?
Fully deployed 33%
Partially deployed 25%
Planning to deploy 24%
Not planning to deploy 18%

Q14c. If fully or partially deployed, what steps is your organization taking to secure these transactions? Please select all that apply.
One time passwords or tokens 54%
Federated identity and authentication systems 50%
Expanded use of encryption or tokenization in electronic devices 59%
Expanded use of encryption or tokenization in point of sale (POS) systems 41%
Expanded use of biometrics 17%
Virtual private network (VPN) or gateway security tools 14%
Multi-factor authentication 56%
Endpoint security solutions 32%
Electronic device management (MDM) solutions 33%
SIEM and network intelligence systems 28%
Continuous monitoring tools 10%
Behavioral profiling tools 22%
Big data analytical tools 28%
Other (please specify) 1%
Total 445%

Q14d. Compared to conventional payment systems such as credit card or cash, how do you rate the security risks of this type of electronic payment to your organization? Please use the following 10-point scale.
1 or 2 10%
3 or 4 10%
5 or 6 21%
7 or 8 34%
9 or 10 25%
Extrapolated value 6.58

Q14e. Compared to conventional payment systems such as credit card or cash, how do you rate the security risks of this type of innovative electronic payment to your customers/consumers? Please use the following 10-point scale.
1 or 2 12%
3 or 4 21%
5 or 6 33%
7 or 8 19%
9 or 10 15%
Extrapolated value 5.58

Part 3. Trends

Q15. In developing new approaches to the security and privacy of innovative electronic payments, who is the most innovative? Please rank the following list from 1 = most innovative to 6 = least innovative.
Average rank | Rank order
Financial institutions 1.56 | 1
Credit card brands 2.12 | 2
Technology companies 4.84 | 5
Conventional retailers or store brands 5.50 | 6
E-Tailers or ecommerce brands 3.96 | 4
New entrants to the field 2.77 | 3

Q16a. How important is near field communication (NFC) technologies to your organization's electronic payment strategy?
Essential 35%
Very important 36%
Somewhat important 15%
Not important 8%
Irrelevant 6%

Q16b. Does NFC increase or decrease the security of innovative electronic payments?
Significant increase 22%
Increase 33%
No impact 26%
Decrease 15%
Significant decrease 4%

Q17a. How important is host card emulation (HCE) to your organization's electronic payment strategy?
Essential 33%
Very important 35%
Somewhat important 14%
Not important 11%
Irrelevant 7%

Q17b. Does HCE increase or decrease the security of innovative electronic payments?
Significant increase 31%
Increase 26%
No impact 20%
Decrease 17%
Significant decrease 6%

Q18a. Does your organization support or plan to support a virtual currency innovative electronic payment solution (such as Bitcoin)?
Yes, already supported 14%
Yes, within the next 6 months 11%
Yes, within the next 12 months 9%
Yes, more than 1 year from now 45%
No plan to support 21%

Q18b. How important is the acceptance of paperless or virtual currencies (such as Bitcoin) to your organization's innovative electronic payment strategy?
Essential 40%
Very important 43%
Somewhat important 11%
Not important 6%
Irrelevant 0%

Q18c. Does the acceptance of virtual currencies increase or decrease the security or integrity of innovative electronic payments?
Significant decrease 41%
Decrease 42%
No impact 10%
Increase 5%
Significant increase 2%

Q18d. Do you believe virtual currencies will overtake paper currencies in the future?
Yes, within the next 2 years 11%
Yes, within the next 5 years 35%
Yes, within the next 10 years 26%
Yes, more than 10 years from now 8%
Never 20%

Q19a. Does your organization support or plan to support payments from e-wallets (such as Google Wallet or Apple Pay)?
Yes, already supported 24%
Yes, within the next 6 months 33%
Yes, within the next 12 months 23%
Yes, more than 1 year from now 11%
No plan to deploy 9%

Q19b. How important is the acceptance of e-wallet services to your organization's innovative electronic payment strategy?
Essential 43%
Very important 40%
Somewhat important 11%
Not important 5%
Irrelevant 1%

Q19c. Does the acceptance of e-wallet services increase or decrease the security or integrity of innovative electronic payments?
Significant decrease 34%
Decrease 37%
No impact 16%
Increase 13%
Significant increase 0%

Q19d. What steps is your organization taking to protect the customer's unique identification data when used to authenticate users. Such identifiers may include Social Security numbers, driver's license numbers, passport numbers, photos, biometrics, and more.
Encrypt, tokenize or mask data before use 52%
Limit the number of unique identification data collected 68%
Limit the use of unique identification data to identify and authenticate only 72%
Restrict the sharing of unique identification data with third parties 24%
Grant the e-wallet user with the ability to delete all identification data after terminating services 66%
Require the e-wallet provider to disclose how all personal information is used, shared and retained 69%
Other (please specify) 2%
Total 353%

Q20a. How important is the integration of video and innovative electronic payments (such as video tellers in ATMs) to your organization's electronic payment strategy?
Essential 21%
Very important 27%
Somewhat important 35%
Not important 12%
Irrelevant 5%

Q20b. Does the integration of video and innovative electronic payments increase or decrease the security of innovative electronic payments?
Significant decrease 20%
Decrease 24%
No impact 34%
Increase 17%
Significant increase 5%

Q20c. Is your organization considering the deployment of video teller machines in your store or network?
Yes, already deployed 5%
Yes, within the next 6 months 12%
Yes, within the next 12 months 15%
Yes, more than 1 year from now 18%
No plan to deploy 50%

Q21. Following are enabling technologies that may help secure new innovative electronic payment methods. Please rate each technology based on its importance to achieving a strong security posture. Essential & Very Important combined.
Very important | Essential
Q21a. One time passwords or tokens 33% | 42%
Q21b. Federated identity and authentication systems 35% | 36%
Q21c. Expanded use of encryption or tokenization in electronic devices 21% | 23%
Q21d. Expanded use of encryption or tokenization in point of sale (POS) systems 20% | 21%
Q21e. Expanded use of biometrics 16% | 20%
Q21f. Virtual private network (VPN) or gateway security tools 14% | 17%
Q21g. Multi-factor authentication 26% | 30%
Q21h. Endpoint security solutions 18% | 19%
Q21i. Electronic device management (MDM) solutions 21% | 16%
Q21j. SIEM and network intelligence systems 16% | 18%
Q21k. Continuous monitoring tools 8% | 17%
Q21l. Behavioral profiling tools 19% | 23%
Q21m. Big data analytical tools 8% | 16%

Part 4: Organizational characteristics and demographics

D1. What organizational level best describes your position?
Senior Executive 2%
Vice President 2%
Director 15%
Manager 20%
Supervisor 18%
Associate/Staff 5%
Technician 35%
Administrative 1%
Contractor/consultant 2%
Other 0%

D2. Check the department or function that best defines your role.
Administration 4%
Applications development 16%
IT compliance 11%
IT operations 27%
IT security 19%
Electronic deployment team 15%
Research & development 5%
Other 3%

D3. What is the worldwide headcount of your organization?
Less than 250 16
250 to 500 20
501 to 1,000 16
1,001 to 5,000 16
5,001 to 25,000 11
25,001 to 75,000 15
More than 75,000 6
Total 100

D4. What industry best describes your organization's industry concentration or focus?
Agriculture & food services 1%
Communications 4%
Consumer products 6%
Entertainment & media 2%
Financial services 18%
Health & pharmaceuticals 12%
Hospitality 4%
Industrial 10%
Public sector 10%
Retail 9%
Services 8%
Technology & software 7%
Transportation 3%
Utilities & energy 6%
Other 0%

HP Atalla

HP Atalla has brought forth thought leadership in the payments processing area for more than 35 years. Martin "John" Atalla is "known" as the father of the PIN (Personal Identification Number) used for secure ATM transactions since its inception. HP's innovation in encryption technology delivers advanced protection for data stored on-premise and in the Cloud. Designed for organizations that need to protect sensitive information, including financial institutions, retailers, energy companies, healthcare providers and governments, HP Atalla encryption solutions safeguard data throughout its entire life cycle. HP protects data whether at rest, in motion, in use, across the cloud, on-premises or mobile environments to ensure continuous protection of an organization's most sensitive information - while maintaining optimal performance and flexibility. As HP celebrates its 75th anniversary of innovation, it continues to offer a full suite of Enterprise Security Products that help organizations provide information protection security solutions. More info: HP.com/go/Atalla

Ponemon Institute
Advancing Responsible Information Management

Ponemon Institute is dedicated to independent research and education that advances responsible information and privacy management practices within business and government. Our mission is to conduct high quality, empirical studies on critical issues affecting the management and security of sensitive information about people and organizations.
As a member of the Council of American Survey Research Organizations (CASRO), we uphold strict data confidentiality, privacy and ethical research standards. We do not collect any personally identifiable information from individuals (or company identifiable information in our business research). Furthermore, we have strict quality standards to ensure that subjects are not asked extraneous, irrelevant or improper questions.