News & Resources

Unencrypted card information continues to be stored by many companies

Dec 06, 2012 Dave King

Unencrypted card information continues to be stored by many companies
A new report indicates that companies haven't made much progress this year in reducing the amount of unencrypted account information on their computer networks.
 In its latest study of how merchants and other businesses handle unencrypted primary account numbers, the data security firm SecurityMetrics found that more than 70 percent of companies continue to store such unprotected information. That was approximately the same number of businesses reported in 2011. Of the total, about 55 percent of companies were in financial services, hospitality and retail industries. Specifically, the survey showed that more than 10 percent of merchants store magnetic stripe track data, which is frequently used in illegally reproduced credit and debit cards. "Hackers proactively search for unencrypted card data because it takes less effort to steal," stated SecurityMetrics director of security assessment Gary Glover, in a release. "Whether a business stores unencrypted card data because of an improperly configured payment application, or because employees handle data improperly, storing card data without encryption is against industry regulation." Such storage violates Payment Card Industry Data Security Standard (PCI DSS) requirements, according to PCISecurityStandards.org. While compliance is voluntary, the storage of unencrypted information can lead to fraudulent activities that can damage both a consumer's finances and a merchant's reputation for handling personal data.