TMCnet News
Six Out of 10 Merchants Store Unencrypted Payment Card DataOREM, Utah, March 24, 2015 /PRNewswire/ -- Businesses continue to struggle with the prohibited storage of unencrypted customer payment data. In its fourth study on unencrypted card data, SecurityMetrics' patented card discovery tool PANscan® found that 61% of businesses store the unencrypted 16-digit sequence on the front of credit cards, also known as the Primary Account Number (PAN). In the recently released Payment Card Industry Data Security Standard 3.0 (PCI DSS), merchants are instructed that, "Protection methods such as encryption, truncation, masking, and hashing are critical components of cardholder data protection" in PCI DSS Requirement 3. However, in just five years PANscan has found more than 1.2 billion unencrypted card numbers on business networks. "Unencrypted storage continues to be an issue among merchants, even with new technologies like EMV," said Gary Glover, Director ofSecurity Assessment at SecurityMetrics. "EMV-enabled payment terminals can still be used to make a payment transaction using an optional mag stripe swipe process, which means there's still an opportunity for misconfigured software to inadvertently capture and store full track data." The study revealed that PANscan scanned 204,332 GB of data on 3,627 computers and found:
"I expect the trend of unencrypted card data storage to steadily but slowly decline each year," said Glover. "The sooner businesses implement point-of-sale encryption technology like P2PE (encrypt at swipe), the sooner stored unencrypted data will become a thing of the past." Card data discovery tools like PANscan simplify the process of identifying and directing users to unencrypted card data. View the infographic (http://info.securitymetrics.com/panscan-infographic-2015) to learn more about the study, or contact a SecurityMetrics representative at [email protected] or 801.705.5665 to learn more about PANscan. About SecurityMetrics (www.securitymetrics.com) Logo - http://photos.prnewswire.com/prnh/20140225/SF71790LOGO
To view the original version on PR Newswire, visit:http://www.prnewswire.com/news-releases/six-out-of-10-merchants-store-unencrypted-payment-card-data-300054719.html SOURCE SecurityMetrics |