
Large Quantities Of Sensitive Payment Card Data Found At Various Companies

Foregenix : 16 June, 2011  (Technical Article)
A confidential data discovery exercise conducted by Foregenix reveals a large number of payment card non-compliances
Digital forensics and incident response specialist Foregenix has announced the results of data discovery projects conducted across 40 companies over a five-month period spanning January to May 2011. The FScout data discovery tool from Foregenix found over 100 million unique PANs (primary account numbers) residing on the participating companies’ systems. It also identified over 1,000 instances of Track 1 data and over three million instances of Track 2 data – the full magnetic stripe on payment cards, which allows the cards to be cloned if the data is stolen. The confidential trial was conducted with companies of varying sizes from a number of industries, including acquiring banks, retailers, hospitality and ecommerce companies.

The results confirmed that most companies are unaware of the sensitive cardholder data that is lying dormant on their systems. Identifying this legacy data is crucial, as is the means of handling it after discovery. Companies must retain and protect only what is absolutely necessary for business, and delete everything else in a secure fashion; specifically, Track 2 data should never be stored after a transaction has been authorised. Identifying and then protecting or deleting this data effectively reduces the cost and complexity of achieving and maintaining PCI DSS compliance and reduces the risk of cardholder data compromise.

“Our trial showed that many merchants have no visibility over the unprotected data that they are storing,” says Benjamin Hosack, director of Foregenix. “Data Discovery tools assist businesses in identifying unprotected legacy cardholder data, and through regular monitoring provide them with assurance that they are not exposed to unnecessary risk. Acting as an early warning, these tools will alert businesses as soon as unprotected data is identified in business systems. Data leakage could be from misconfigurations of payment systems, changed business processes or malicious behaviour; all of which need to be managed efficiently to reduce risk.”

While many large merchants are working towards full PCI DSS compliance, Level 4, or smaller, merchants are still being compromised frequently. In fact, 96% of data compromises in 2010 took place in this sector.

“The target remains the same for attacks. Cybercriminals want cardholder data,” continues Hosack. “We have seen businesses of all types falling victim to attack through a variety of methods. With the majority of attackers identifying unprotected cardholder data, companies need to act now to protect their businesses and customers.”