PaymentsJournal
No Result
View All Result
SIGN UP
  • Commercial
  • Credit
  • Debit
  • Digital Assets & Crypto
  • Digital Banking
  • Emerging Payments
  • Fraud & Security
  • Merchant
  • Prepaid
PaymentsJournal
  • Commercial
  • Credit
  • Debit
  • Digital Assets & Crypto
  • Digital Banking
  • Emerging Payments
  • Fraud & Security
  • Merchant
  • Prepaid
No Result
View All Result
PaymentsJournal
No Result
View All Result

SecurityMetrics Finds Unencrypted Card Data in Two-Thirds of Merchants Scanned

By Mercator Advisory Group
March 15, 2011
in Analysts Coverage
0
0
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn
Digital Transactions has an item today about PCI scanning vendor SecurityMetrics’ PANScan tool, which has detected unencrypted card data in nearly two-thirds of merchants that participated in a recent test. The version of PANScan used in the test is available for free download at the SecurityMetrics PANScan Web site. The article pointed to merchants’ use of payment applications that are not compliant with the Payment Application Data Security Standard (PA-DSS), failure to erase old data when new payment applications are installed, and lack of training in proper data storage techniques as the main reasons for the proliferation of unencrypted card data in merchant systems.

The merchants participating in the test ranged in size from small Level 4 merchants to the largest Level 1 merchants.

Of 478 card data scans conducted during the beta test, 303, or 63.4%, uncovered unencrypted card data, SecurityMetrics says. The tests found about 18 million cards in a scan of 67.5 million files. The maximum number of cards uncovered in a single scan totaled 1.9 million.

SecurityMetrics says it’s impossible to identify the PCI status of the merchants storing unencrypted card data since the PANscan tool is available to anyone for free download and use. Merchants weren’t asked whether they were in compliance with PCI.

Many merchants are unaware that their systems are storing the unencrypted data, says Brad Caldwell, chief executive of SecurityMetrics. “One of the biggest things we hear from merchants is ‘I had no idea I had this data. I talked to my developer and he didn’t say he was storing card data,’” Caldwell says.

Click here to read more.

0
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn

    Get the Latest News and Insights Delivered Daily

    Subscribe to the PaymentsJournal Newsletter for exclusive insight and data from Javelin Strategy & Research analysts and industry professionals.

    Must Reads

    Payments Modernization

    Playing Offense and Defense: Why Now Is the Time for Payments Modernization

    May 13, 2025
    Authorization Rates

    Boosting Revenue for Merchants by Optimizing Authorization Rates

    May 12, 2025
    Why Payment Orchestration is the key to international merchant growth

    Ensuring Payment Decisions Pay for Themselves

    May 9, 2025
    cross-border

    As Businesses Reevaluate Cross-Border Relationships, Financial Institutions Can Help

    May 8, 2025
    Nacha WEB Debit Account Validation Rule Verification Solution, Quovo ACH Payment

    The Brave New Future of the Disappearing Account

    May 7, 2025
    solana financial

    After an Upgrade, Solana is Primed to Be the Blockchain of Choice for Financial Institutions

    May 6, 2025
    PAR values

    The Connecting Thread: How PAR Values Can Mitigate Fraud and Supercharge Loyalty Programs

    May 5, 2025
    mobile banking

    How Mobile Banking Apps Can Be the Center of Customers’ Money Movement Activities

    May 2, 2025

    Linkedin-in X-twitter
    • Commercial
    • Credit
    • Debit
    • Digital Assets & Crypto
    • Digital Banking
    • Commercial
    • Credit
    • Debit
    • Digital Assets & Crypto
    • Digital Banking
    • Emerging Payments
    • Fraud & Security
    • Merchant
    • Prepaid
    • Emerging Payments
    • Fraud & Security
    • Merchant
    • Prepaid
    • About Us
    • Advertise With Us
    • Sign Up for Our Newsletter
    • About Us
    • Advertise With Us
    • Sign Up for Our Newsletter

    ©2024 PaymentsJournal.com |  Terms of Use | Privacy Policy

    • Commercial Payments
    • Credit
    • Debit
    • Digital Assets & Crypto
    • Emerging Payments
    • Fraud & Security
    • Merchant
    • Prepaid
    No Result
    View All Result