Gala Technology Limited

429 Million Unencrypted Cards Found in Security Scans.

A recent report from Utah-based security and vulnerability assessment specialist SecurityMetrics has revealed that over 429 million unencrypted ‘Primary Account Numbers’ (PANs) were found during its 2020 scans.

The results of SecurityMetrics’ PANscan showed that, during the scans, 74% of merchants had unencrypted payment card data on their devices and systems, across numerous departments including sales, accounts, marketing and customer services.

Although the card data may have been stored unintentionally, through poor processes or misconfigured software, this sensitive information could have been vulnerable to data breaches, data theft and data leaks, increasing risk and liability for the merchant in the event of a breach.

Alarmingly, the report also stated that 5% of businesses store magnetic full-track data, including the card validation code on the front or back of the payment card, after authorisation, which is not permitted under the PCI Data Security Standard requirements.

Whilst the sheer number of unencrypted PANs is still at an eye-watering level, it should be noted that in 2010, SecurityMetrics PANscan® discovered about 2.9 billion unencrypted primary account numbers (PANs) on business networks. This highlights that organisations are doing a better job of securing sensitive data, and the percentage of merchants hosting unencrypted payment card data has fallen by 14% from 2019.

Although this appears positive, there is still a long way to go.

Gala Technology’s CTO, Steve Biggs, commented: ‘We have always taken the advice of the PCI SSC, which was to limit the amount of card data entering a merchant’s environment. Sadly, these results highlight that there is still an enormous number of organisations storing unencrypted, sensitive card information.

Our multi-award winning, affordable SOTpay solution prevents cardholder data from entering the merchants’ environment in the first place, which is why it simplifies PCI DSS requirements and has seen Gala Technology win numerous PCI: Award for Excellence accolades and ‘Best International Card Not Present Solution’ for a third successive year at the recent awards in San Francisco.

Gala Technology are also embracing other ways of preventing card data from entering the merchant environment, such as Open Banking, enabling account to account payments, completely negating the risk of a card data breach.’

For access to the full report, please visit: PANscan Trends


Copyright © 2015 - 2022 Gala Technology Limited. All Rights Reserved.