Brian Pennington

A blog about Cyber Security & Compliance


Mobile network operator

Mobile phone users are not concerned with security until there is a breach and then they blame their provider

Crossbeam Systems has released research into mobile phone users’ opinions on security.

The most revealing finding was that compromised security, rather than high monthly fees, would be the biggest reason for UK smartphone users to change mobile network providers. 

The independent blind survey of 1,076 UK adult smartphone users and bill payers examined:

  • usage habits
  • the importance of mobile security and data services
  • purchasing considerations
  • what would motivate them to switch providers

A summary of the survey results is below:

  • 75.6% of those surveyed would change mobile providers if their current, operator-supplied smartphone was compromised by hackers, malware or other security failure
  • 79% of the 648 women surveyed stated they would change networks if their smartphone fell victim to a security issue
  • 70% of 428 men surveyed would also change networks following a security incident
  • 56% of global respondents don’t know if their mobile network provider has measures in place to secure their smartphone
  • 35.7% of respondents were aware that their smartphone contained applications that stored or had access to financial information such as PayPal, retail apps with saved card payment information and mobile banking apps, and that third parties accessing these would be a concern
  • 52.9% would be scared of other people having “Access to my personal information, such as passwords and credit card details”
  • 5.8% said a lack of security would drive them away from their current network provider

If your smartphone was hacked by a criminal, whose fault would it be?

  • 37.5% My mobile network provider (Vodafone, O2 etc.)
  • 31.6% Mine
  • 17.9% My smartphone manufacturer (Apple, Samsung, HTC, etc.)
  • 12.9% Other please specify

“Smartphone users, like most people, don’t think about the security of their devices until they’ve been hacked. This may be misleading mobile network operators to focus less of their attention on customer security and underestimate the risk it creates,” said Peter Doggart of Crossbeam.

The good news is 53 percent of global respondents expressed a willingness to pay their network provider additional fees to help improve security.

25% of Mobile Network Operators are not PCI DSS Compliant

Vesta Corporation conducted a survey of Mobile Network Operators (MNOs) in the USA and Europe and discovered that over a quarter of them were non-compliant with the Payment Card Industry Data Security Standard (PCI DSS).

Of equal concern are the 35% who did not know of the potential financial penalties they could face in the event of an Account Data Compromise (data breach).

Key findings of the survey

  • 25% of respondents are not currently PCI DSS compliant
  • 35% of respondents are unaware of potential penalties for non-compliance
  • The average cost of initial PCI DSS compliance was approximately $700,000 USD
  • Over 50% were spending over $1,390,000 USD annually in PCI compliance maintenance costs.
  • 69% of respondents stated that more than three people in their organization work full time on maintaining PCI compliance.
  • 56% felt that the greatest impact of a security lapse or data breach to their business would be a loss of customer confidence.
  • Over a third of these maintain an internal security group for PCI compliance.
  • Under a quarter of respondents maintain PCI DSS via cross functional teams that receive direction on a group level with local implementation.
  • All respondents regard the touchpoints of live agent, Web and retail as very important to the success of their organization’s PCI compliance.
  • The areas of highest concern mentioned by the operators included ensuring applications and systems are compliant; network monitoring and scanning; and vulnerability management.

“The survey shows that there is clearly room for improvement by the mobile operator community in addressing PCI DSS compliance, and it is critical that operators not yet compliant take appropriate measures to ensure the security of their customers’ sensitive cardholder data,” said Joshua Rush, VP Marketing at Vesta. “However, compliance should not be viewed as a mandatory demand by the card associations but as a competitive sales and marketing differentiator at a time where data security is of paramount concern to subscribers.”

The white paper can be downloaded here.

For more information on PCI DSS visit the PCI resources page here.

