Are you storing sensitive credit card data… without knowing?
According to a recent Security Metrics study, more than 70% of merchants store unencrypted credit card data on their business networks, unbeknownst to them. Are you one of them?
It’s important that you know, because smaller merchants are a prime target for cyber criminals. Visa claims that although many merchants do attempt to keep their credit card processing data secure, most do not take the time or spend the money to make their business network secure, leaving them susceptible to breach.
Having an insecure business network along with credit card processing data that is not encrypted is a recipe for disaster. The most common places where merchants may be storing unencrypted credit card data include outdated POS software, backend payment application servers, attached and external storage devices, employee workstations, and web servers, among others. Problems with improperly stored credit card data occur when merchants incorrectly install POS software or are running older merchant account POS applications that are not PCI DSS compliant.
Another important fact is that many merchants are under the false impression that if they simply delete a file containing this sensitive credit card processing data, it is completely removed from their account and their computer. Unfortunately, this is not the case. The only thing that the file delete does is remove it from the user's account; the sensitive merchant information is still stored on the system, just waiting for a hacker to breach the firewall and gain access to this data.
Also be aware of this: once these criminals do breach the merchant's firewall and discover this credit card data, their mission is far from complete. They will install malware that continues to search and feed them new information until it is discovered. This is a serious problem that merchants need to address. Talk to your network administrator and have her do an extensive search for unencrypted credit card data and complete an entire security scan of your network. If you want additional peace of mind, hire a Qualified Security Assessor to validate your adherence to PCI DSS.
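As a starting point for that search, the sketch below sweeps a directory tree for digit runs that look like card numbers. It is an added example, not code from the original article or from any vendor named in it; the function names, the 13 to 19 digit pattern, and the sample log are assumptions constructed for illustration.

```python
import os
import re

# 13-19 digits, optionally separated by single spaces or dashes.
PAN_RE = re.compile(rb"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Constructed sample log (not real data); the two card numbers are public test values.
SAMPLE_LOG = (
    b"2024-01-05 09:12:01 sale ok order=1234567890123456 amount=19.99\n"
    b"2024-01-05 09:12:02 DEBUG track pan=4111111111111111 exp=12/30\n"
    b"2024-01-05 09:13:40 refund card 4012-8888-8888-1881 approved\n"
)

def luhn_ok(digits: str) -> bool:
    """Luhn checksum; filters out order ids and other random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_pans(data: bytes):
    """Return (line_number, masked_pan) for each Luhn-valid candidate."""
    hits = []
    for m in PAN_RE.finditer(data):
        digits = re.sub(rb"[ -]", b"", m.group()).decode()
        # a run of one repeated digit (e.g. all zeros) can pass Luhn but is padding
        if len(set(digits)) > 1 and luhn_ok(digits):
            line = data.count(b"\n", 0, m.start()) + 1
            # report first 6 / last 4 only, so the report is not itself card data
            masked = digits[:6] + "*" * (len(digits) - 10) + digits[-4:]
            hits.append((line, masked))
    return hits

def scan_tree(root: str, max_bytes: int = 50_000_000):
    """Walk a directory tree; return {path: hits} for files containing candidates."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    hits = find_pans(fh.read(max_bytes))
            except OSError:
                continue        # unreadable file: skip, keep sweeping
            if hits:
                results[path] = hits
    return results
```

A sweep like this only reads files that still exist in the file system, so it will not surface the remnants of deleted files described above. It also cannot see inside compressed archives or database files, which need their own tooling.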
As a merchant, you are responsible for protecting your customers' cardholder data, and it is our responsibility to keep you informed and help you in any way we can.