Unencrypted Payment Card Data Found on 63% of Merchant Networks -- Security Today

Unencrypted Payment Card Data Found on 63% of Merchant Networks

Mar 25, 2011

Nearly two-thirds of merchant computer systems store unencrypted payment card data in violation of the Payment Card Industry Data Security Standard (PCI DSS), according to scans of more than 475 merchant networks of all sizes by SecurityMetrics. This readable card data leaves merchants liable to fines and other penalties in case of card data compromise.

The presence of prohibited card information in 63 percent of merchant systems was discovered in beta testing of SecurityMetrics' just-released PANscan product, a free patent-pending software tool that searches for unencrypted track 1, track 2 and primary account number (PAN) data on merchant machines to support PCI DSS compliance efforts.

The test findings indicate a large number of merchants use payment application software that does not conform to the Payment Application Data Security Standard (PA-DSS), fail to configure their payment applications properly, neglect to erase old data when new payment applications are purchased, and/or fail to train their employees in proper handling and storage of card data.

"Improper storage of payment card information puts cardholder data at risk. Our testing suggests that the problem remains surprisingly widespread even with increasing industry emphasis on the need for compliance with PCI DSS regulations," said SecurityMetrics CEO Brad Caldwell. "Proactively looking for unprotected data with a tool like PANscan can help close this security gap and potentially thwart future theft incidents."

Featured

The Evolution of ID Card Printing: Customer Challenges and Solutions

The landscape of ID card printing is evolving to meet changing customer needs, transitioning from slow, manual processes to smart, on-demand printing solutions that address increasingly complex enrollment workflows. Read Now
- Access Control
TSA Awards Rohde & Schwarz Contract for Advanced Airport Screening Ahead of Soccer World Cup 2026

Rohde & Schwarz, a provider of AI-based millimeter wave screening technology, announced today it has won a multi-million dollar award from TSA to supply its QPS201 AIT security scanners to passenger security screening checkpoints at selected Soccer World Cup 2026 host city airports. Read Now
- Airport Security
Brivo, Eagle Eye Networks Merge

Dean Drako, Chairman of Brivo, the leading global provider of cloud-native access control and smart space technologies, and Founder of Eagle Eye Networks, the global leader in cloud AI video surveillance, today announced the two companies will merge, creating the world’s largest AI cloud-native physical security company. The merged company will operate under the Brivo name and deliver a truly unified cloud-native security platform. Read Now
- Artificial Intelligence
Security Industry Association Announces the 2026 Security Megatrends

The Security Industry Association (SIA) has identified and forecasted the 2026 Security Megatrends, which form the basis of SIA’s signature annual Security Megatrends report defining the top 10 factors influencing both near- and long-term change in the global security industry. Read Now
- Artificial Intelligence
The Future of Access Control: Cloud-Based Solutions for Safer Workplaces

Access controls have revolutionized the way we protect our people, assets and operations. Gone are the days of cumbersome keychains and the security liabilities they introduced, but it’s a mistake to think that their evolution has reached its peak. Read Now
- Access Control

Security Today eNews

Sign up today for essential industry news and product information that can help you stay afloat in the fast-paced world of security.

Email Address*Country*

Please type the letters/numbers you see above.

Webinars

Whitepapers

New Products

Automatic Systems V07

Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.
Camden CM-221 Series Switches

Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.
Unified VMS

AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities