A recent report from Utah-based security and vulnerability assessment specialists SecurityMetrics has revealed that over 511 million unencrypted ‘Primary Account Numbers’ (PANs) were found during their 2019 scans.
The results of SecurityMetrics’ PANscan showed that 88% of merchants had unencrypted payment card data on their devices and systems, across numerous departments including sales, accounts, marketing and customer services.
The percentage of businesses that had improperly stored PAN data has risen each year, from 61% in 2015 to 67% in 2016 and 69% in 2017, then rising sharply to 85% in 2018 and reaching 88% in 2019.
Although card data may have been stored unintentionally, through poor processes or misconfigured software, this sensitive information could have been vulnerable to data breaches, data theft and data leaks, increasing risk and liability for the merchant in the event of a breach.
Alarmingly, the report also stated that 7% of businesses store magnetic full-track data, including the card validation code on the front or back of the payment card, after authorisation, which is not permitted under the PCI Data Security Standard requirements.
Gala Technology’s CTO, Steve Biggs, commented: ‘We have always taken the advice of the PCI SSC Chief Technology Officer, Troy Leach, which was to limit the amount of card data entering a merchant’s environment. Sadly, these results highlight a growing trend in the storing of unencrypted sensitive card information.
Our multi-award-winning, affordable SOTpay solution prevents cardholder data from entering the merchant’s environment in the first place, which is why it simplifies PCI DSS requirements and has seen Gala Technology win back-to-back PCI: Award for Excellence accolades.’ For access to the full report, please visit:
https://www.securitymetrics.com/learn/panscan-trends