Unencrypted Payment Data Stored by Merchants Increased This Year

By December 09, 2011

More merchants are keeping unencrypted credit card information. Enforcing a rigorous security protocol avoids fines and keeps customers safe.

Corporate security can cover nearly every business function, and with so much going on in security technology, merchants can lose track of important practices. One key example is the handling of customer payment data. A SecurityMetrics study shows that 71% of the merchants who participated were found to store unencrypted payment card data in their computer systems in 2011, an increase of 8% since 2010. Brad Caldwell, CEO of the merchant data security specialist, refers to this data issue as an important problem: "We think these findings are a game changer for the security industry, and will help focus priorities on the bigger problem plaguing merchants today. After all, criminals can't steal card data merchants don't have."

Storing open payment data is illegal, but companies may not even know they are doing it

Companies that store unencrypted credit card data violate Payment Card Industry Data Security Standard (PCI DSS) requirements, but may be doing so because of faults in their payment applications or improper handling by employees. The standard's six major areas require companies to: build and maintain a proper network, protect cardholder data, maintain a vulnerability management program, implement strong access control measures, regularly monitor and test networks, and maintain an information security policy. Proper handling of card data needs to be integrated into a company's security protocol, and merchant awareness is the first step in security management. Since all companies that process, view or store credit card information are subject to PCI DSS compliance, this is a significant undertaking.

SecurityMetrics' PANscan aims to alleviate a technical problem and can be used by non-technical staff

The free-to-download PANscan searches for payment data on company networks, and was used by SecurityMetrics to inform its study. While there are many ways of verifying whether DSS-infringing material is present, the PANscan product allows non-technical merchants to assure their systems are secure. "PANscan enables merchants to quickly ascertain whether they have a problem so that they can take action to protect themselves," Brad Caldwell explains.


© L’Atelier BNP Paribas