A recent report from Utah-based security and vulnerability assessment specialists SecurityMetrics has revealed that over 429 million unencrypted ‘Primary Account Numbers’ (PANs) were found during their 2020 scans.
The SecurityMetrics PANscan results showed that, during their scans, 74% of merchants had unencrypted payment card data on their devices and systems, across numerous departments including sales, accounts, marketing and customer services.
Although the card data may have been stored unintentionally, through poor processes or misconfigured software, this sensitive information could have been vulnerable to data breaches, data theft and data leaks, increasing risk and liability for the merchant in the event of a breach.
Alarmingly, the report also stated that 5% of businesses store magnetic full-track data, including the card validation code on the front or back of the payment card, after authorisation, which is not permitted under the PCI Data Security Standard requirements.
Whilst the sheer number of unencrypted PANs is still at an eye-watering level, it should be noted that in 2010 SecurityMetrics PANscan® discovered about 2.9 billion unencrypted primary account numbers (PANs) on business networks. This highlights that organisations are doing a better job of securing sensitive data, and the percentage of merchants hosting unencrypted payment card data has fallen by 14% from 2019.
Although this appears positive, there is still a long way to go.
Gala Technology’s CTO, Steve Biggs, commented: ‘We have always taken the advice of the PCI SSC, which was to limit the amount of card data entering a merchant’s environment. Sadly, these results highlight that there is still an enormous number of organisations storing unencrypted, sensitive card information.
Our multi-award-winning, affordable SOTpay solution prevents cardholder data from entering the merchant’s environment in the first place, which is why it simplifies PCI DSS requirements and has seen Gala Technology win numerous PCI: Award for Excellence accolades and ‘Best International Card Not Present Solution’ for a third successive year at the recent awards in San Francisco.
Gala Technology are also embracing other ways of preventing card data from entering the merchant environment, such as Open Banking, enabling account-to-account payments, completely negating the risk of a card data breach.’
For access to the full report, please visit: PANscan Trends (securitymetrics.com)