A study conducted by merchant data security company SecurityMetrics shows that 71% of the merchants who took part were found to store unencrypted payment card data, an increase of 8% over last year.
Merchants who keep this unencrypted payment card data directly violate Payment Card Industry Data Security Standard (PCI DSS) requirements and can face fines and penalties after a compromise. The unprotected data points to many factors, including an improperly designed or configured payment application, a non-PCI-compliant payment application, or improper card handling by employees.
Altogether, the study found over 370 million unencrypted cards on various-sized business and home networks, with a scan of one network finding over 96 million payment cards. The study concluded that card discovery and deletion must be performed as a regular business operation to have an impact on security.
“Today’s business landscape is littered with merchants that don’t know exactly what’s on their system,” said SecurityMetrics Director of Forensic Investigations, David Ellis. “In the majority of cases we’ve investigated, the merchant was unaware their system was storing unencrypted payment card data. Merchants must take responsibility for their customers’ card data, which in turn will benefit worldwide commerce in general.”