ISACA Study: 87% of Cybersecurity Experts Expect Mobile Payments Data Breaches in 2015

Global companies and government organizations have become increasingly concerned about cybersecurity in 2015. With the recent history of major information breaches in various sectors, cybersecurity failure does not seem to be surprising anymore. Results of the survey conducted by Information Systems Audit and Control Association (ISACA) on Mobile Payment Security proved it true. 900 global business and IT professionals who are members of ISACA participated in an online survey in August 2015. The ISACA report provides a clear understanding of the current situation with mobile payments security.

It is out of question that mobile payments are convenient and that the mobile payments sector will continue to evolve and grow. However, along with the technological improvement comes the question of balancing the risks and benefits. The study suggests that mobile payment users need to educate themselves in order to make informed choices about personally acceptable levels of risk. As the International President of ISACA Christos Dimitriadis says, consumers need to embrace and educate themselves about new services and technologies’’.

Security and risk concerns

Among the key findings of the study is the fact that 87% of surveyed experts expect an increase of mobile payment data breaches over the next 12 months. Moreover, only 23% indicated belief in mobile payments security.

Other important insights from the study include the major weaknesses associated with mobile payments:

  • Use of public Wi-Fi on a payment-enabled device - 26%
  • Lost/stolen devices - 21%
  • Phishing/smishing (phishing conducted over SMS) – 18%
  • Weak passwords – 13%
  • User error – 7%
  • No security vulnerabilities – 0.3%

Among the results that stood out was the fact that while the vast majority of the respondents did not have confidence in the security of mobile payments, it did not affect their purchasing behavior. In fact, 42% of professionals who participated in the study used a mobile payment platform to make purchases.

How to address the challenges

Even though mobile payments are not entirely safe, many people still use that method of payment. The main questions of the study centered around how businesses can address the security issues of mobile payments and what individuals can do to protect their personal data. Participants of the survey indicated the most important action consumers could take to ensure their security:

  • Two-factor authentication (using multiple ways to confirm identity) – 66%
  • Limited-duration code – 18%
  • Phone based security applications – 9%

When it comes to education, the top steps respondents said adults should take to ensure the security of their children were:

  • Requiring a PIN or password for access – 72%
  • Parental control software – 58%
  • Remote wipe – 53%
  • General mobile security software – 53%

John Pironti, Risk Advisor with ISACA and President of IP Architects, finds a positive trend in the results of the survey. Even though mobile payments security has been compromised over the past years, convenience has its power. The fear of identity theft or massive data breaches is not slowing down the adoption of new technologies. It is a matter of awareness and education on how consumers can protect themselves. Proper management of effective security features can help to take the best from innovative technologies like mobile payments.


ISACA helps global professionals lead, adapt and assure trust in an evolving digital world. ISACA is a global nonprofit association of 140,000 professionals in 180 countries established in 1969. The organization offers a holistic cybersecurity resource, and COBIT, a business framework to govern enterprise technology.