Merchant Account Types

Merchant Account Providers

News & Advice

Merchant Account Tools


Merchant Account Guide > Merchant Account News > Large number of merchants storing unencrypted card data


Print this article: Large number of merchants storing unencrypted card data  Print 
Email this article: Large number of merchants storing unencrypted card data  Email 

Large number of merchants storing unencrypted card data

Are you storing unencrypted card data without realizing it?

data-breach(1)

If so, you're not alone. A whopping 71 percent of participating merchants were found to have unencrypted payment data stored on their networks, according to a recent study by data security firm securityMetrics.

That's an 8 percent spike from 2010, worrying experts who say that identity theft remains a formidable problem in the U.S.

According to data from Javelin Strategy & Research, 8.1 million Americans were victimized by identity theft in 2010, with the amount of money lost to such crimes totaling more than $37 billion. 

Encrypting data makes consumer financial information significantly more secure, if not airtight.  

It's also mandatory for merchants according to rules set forth by the Payment Card Industry Data Security Standard (PCI DSS). Merchants who violate the standards may be subject to fines and other penalties.

Many merchants are unaware they're storing unencrypted information
The securityMetrics study uncovered a staggering 370 million unencrypted cards on various-sized business and home networks. The number of payment cards discovered in a single network scan was 96 million, the company reports.

SecurityMetrics says that instances in which data is left unprotected may be unintentional. For example, some retailers may just be installing, designing or maintaining encryption software improperly. Unencrypted card data may also be the result of "improper card handling by employees," says SecurityMetrics.

"Today's business landscape is littered with merchants that don't know exactly what's on their system[s]," said SecurityMetrics director of forensic investigations, David Ellis, in a press release. "In the majority of cases we've investigated, the merchant was unaware their system was storing unencrypted payment card data. Merchants must take responsibility for their customers' card data, which in turn will benefit worldwide commerce in general."

Whatever the reason for the unencyrpted information, unprotected data is a serious threat, say security experts, and merchants must find ways to seal that data.

"There's so much going on in the security industry that it's sometimes difficult to target the most important things," explains SecurityMetrics CEO Brad Caldwell. "We think these findings are a game changer for the security industry, and will help focus priorities on the bigger problem plaguing merchants today. After all, criminals can't steal card data merchants don't have."

See related: 7 reasons to accept smart cards; 6 tips for securing your payment system

Published: December 20,2023

Comments or Questions, Library of Stories

Three most recent Data security stories: