A majority of businesses fail to encrypt credit cards, according to SecurityMetrics’ latest study on unencrypted card data. The study found that 63.86 percent of businesses store the unencrypted 16-digit sequence on the front of the credit card, while 7.37 percent of businesses store the magnetic stripe data on the back of the card.
A 2014 PANscan analysis of 145,144 gigabytes of data on 2,590 computers found that 87,206,203 payment cards were unencrypted. “Unencrypted card data is the ‘low hanging fruit’ that is ripe for easy picking, and it’s what attackers first look for when they hack a business,” warns SecurityMetrics’ David Ellis.
PANscan has detected more than 780 million unencrypted card numbers on business networks since its launch. “Unencrypted card data can easily occur at both small and large retail locations,” notes SecurityMetrics’ Gary Glover. “It may accidentally be saved on point-of-sale terminals, office workstations, hard drives, etc., due to misconfigured software, improper file removal, or restored backups.”
From “63% of Businesses Don’t Encrypt Credit Cards”
Help Net Security (07/17/14)