Perimeter
11/28/2012
02:49 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

Study Finds Unencrypted Payment Data On Business Networks Remains At 70%

SecurityMetrics PANscan finds financial, hospitality, retail industries store most info

OREM, Utah, Nov. 28, 2012 /PRNewswire/ -- SecurityMetrics, a leading provider of payment data security and compliance solutions, today published its second annual Payment Card Threat Report revealing unencrypted PAN (Primary Account Number) storage remains alarmingly high. Virtually no change occurred between 2011 and 2012, with card data storage on corporate systems declining less than one quarter of a percent (.24%). The study exposed that greater than 10% of merchants store magnetic stripe track data, essential for the illegal reproduction of credit and debit cards. Financial, hospitality, and retail industries accounted for 55% of the total unencrypted payment card data storage among businesses tested.

"Hackers proactively search for unencrypted card data because it takes less effort to steal," said Director of Security Assessment, Gary Glover. "Whether a business stores unencrypted card data because of an improperly configured payment application, or because employees handle data improperly, storing card data without encryption is against industry regulation."

Businesses that store unencrypted payment card data directly violate Payment Card Industry Data Security Standard (PCI DSS) requirements and are more likely to be exploited and suffer severe financial repercussions. Credit card fraud costs U.S. establishments $52.6 billion per year1, and unencrypted card data storage financially plagues both businesses and consumers when discovered by criminals.

SecurityMetrics releases its annual study to encourage businesses to realize the unknown danger of unencrypted card data storage and the devastating fines that follow. Core to the study was PANscan, a card discovery tool that searches for unencrypted track 1, track 2 and PAN data on networks. To view the report, or download PANscan to determine if your business is storing data, visit https://www.securitymetrics.com/sm/pub/panscan/resources.

About SecurityMetrics (www.securitymetrics.com) SecurityMetrics assists in protecting electronic commerce and payments leaders, global acquirers, and their retail customers from security breaches and data theft. The company is a leading provider and innovator in merchant data security and compliance, and as an Approved Scanning Vendor and Qualified Security Assessor, has helped over 1 million organizations manage PCI DSS compliance and/or secure their network infrastructure, data communication, and other information assets. Founded in October 2000, SecurityMetrics is a privately held company headquartered in Orem, Utah, USA.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-4262
Published: 2014-07-28
svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this issue was SPLIT due to different affected versions (ADT3). The irkerbridge.py issue is covered by CVE-...

CVE-2013-4840
Published: 2014-07-28
Unspecified vulnerability in HP and H3C VPN Firewall Module products SECPATH1000FE before 5.20.R3177 and SECBLADEFW before 5.20.R3177 allows remote attackers to cause a denial of service via unknown vectors.

CVE-2013-7393
Published: 2014-07-28
The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used. NOTE: this issue was SPLIT from CVE-2013-4262 based on different affected versions...

CVE-2014-2974
Published: 2014-07-28
Cross-site request forgery (CSRF) vulnerability in php/user_account.php in Silver Peak VX through 6.2.4 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.

CVE-2014-2975
Published: 2014-07-28
Cross-site scripting (XSS) vulnerability in php/user_account.php in Silver Peak VX before 6.2.4 allows remote attackers to inject arbitrary web script or HTML via the user_id parameter.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.