Product Watch: Free Tool Detects PCI Violations

Software detects improperly stored credit card data, other PCI violations
SecurityMetrics next month will offer free software for merchants to detect Payment Card Industry Data Security Standard (PCI-DSS) violations in their organizations.

The downloadable PANscan tool looks for improperly stored or handled credit-card data, and scans for non-PCI compliant or misconfigured payment applications.

"Many merchants inadvertently store payment card data, either because their payment application software fails to meet PCI-DSS standards [or] their applications are improperly configured or because employees are unaware that they should not electronically store this information. If these merchants get hacked, they are not PCI-compliant and may face serious financial penalties," said Brad Caldwell, CEO of SecurityMetrics, in a statement. "PANscan enables merchants to quickly ascertain whether they have a problem so that they can take action to protect themselves."

The tool works for any merchant, regardless if whether it's a customer of SecurityMetrics' PCI Site Certification Services. Only SecurityMetrics customers get telephone or email support, false positive reconciliation, and automatic reporting services, however.

PANscan first searches for cardholder data that's stored in violation of PCI requirements, and triple-checks any threats to confirm them. It provides a summary of scan results in a pop-up window, and can be used on local hard drives, optical drives, and network servers, the company says.

The tool will be available for download in May from here.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.