Study Finds 8 Percent Increase of Unencrypted Cards Since 2010
December 20, 2011 - 16:09:28

Security Metrics Inc., a Salt Lake City, Utah-based provider of PCI security solutions, published a study showing 71% of the merchants queried worldwide were found to store unencrypted payment card data in 2011, an increase of 8 percent since 2010.

Among the study’s conclusions:
- Card discovery and deletion is not a one-time event, but must be a part of regular business operation to impact security.
- In the majority of cases investigated, the merchant was unaware their system was storing unencrypted payment card data.
- The discovery of unprotected cardholder data indicates a number of factors, including:
  - An improperly designed or configured payment application
  - A non-PCI compliant payment application
  - Improper card handling by employees

The full article can be found here.

Posted by: Dave Faliski



Comments
Doug
Hi Dean,

Using password-protected files is no longer considered sufficient security for storing sensitive customer data. Based upon the sophistication of today's hackers, password-protecting files only represents a speed bump for someone looking to steal card data, and is not considered a PCI-compliant strategy. PCI requires that if credit card data is stored, it must be stored encrypted and under a very strict set of encryption-related requirements that can be very difficult to meet. In addition, encryption itself can impact the valid and appropriate access of data by valid internal users or systems. If encryption methods prove to be too complex or inefficient to incorporate, a better security approach may be "tokenization." Wind River has numerous solutions that remove sensitive data from merchant networks and replace the data with tokens. These tokens are easily used for valid transaction processing, but prove completely worthless to hackers. Please feel free to contact us to explore solutions to protect your customer data and reduce your company's exposure and risk.
22 December, 2011 - 4:40 pm

Dean
We currently store a number of customer credit cards in a password-protected file. Although the data is not encrypted, we do control the access to the password and file. Is this level of security and protection sufficient?
22 December, 2011 - 11:21 am

