Merchants skirting data protection standards

Mark PryorMany merchants are storing unencrypted card information on their computer systems, which is a violation of a core principle of the Payment Card Industry’s data-security standards, according to a new report.

SecurityMetrics Inc.’s PANscan tool has made 2,736 scans worldwide since the beginning of 2011 and found that 71 percent of merchant computer systems were storing unencrypted payment card data, reports.

PANscan is a software tool that was developed to search for unencrypted Track 1, Track 2 and primary account number data on computer systems operated by merchants.

The Payment Card Industry has made the security of card information a core principle of data protection. Although some merchants may not be aware that they are in violation, the PANscan study indicates that many of them are.

In order to ensure that they are not storing card data, merchants should regularly review methods and operations of their businesses by using a type of system-scanning tool, Jon Clark, a product marketing manager at SecurityMetric said, reports.

Legislation to require businesses that store consumers’ personal information implement strong security measures was reintroduced this year by Sens. Mark Pryor (D-Ark.) and Jay Rockefeller (D-W.Va.).

“The consequences of data breaches can be grave: identity theft, depleted savings accounts, a ruined credit score, and trouble getting loans for cars, homes and children’s education are just some of the effects,” Rockefeller said. “In today’s economy, we simply cannot let this happen. Companies that maintain vast amounts of consumer information need to have effective safeguards in place to keep sensitive consumer information secure.”

Comments are closed.