Merchant Account Types
Merchant Account Providers
News & Advice
Merchant Account Tools
Large number of merchants storing unencrypted card data
Are you storing unencrypted card data without realizing it?
If so, you're not alone. A whopping 71 percent of participating merchants were found to have unencrypted payment data stored on their networks, according to a recent study by data security firm securityMetrics.
That's an 8 percent spike from 2010, worrying experts who say that identity theft remains a formidable problem in the U.S.
According to data from Javelin Strategy & Research, 8.1 million Americans were victimized by identity theft in 2010, with the amount of money lost to such crimes totaling more than $37 billion.
Encrypting data makes consumer financial information significantly more secure, if not airtight.
It's also mandatory for merchants according to rules set forth by the Payment Card Industry Data Security Standard (PCI DSS). Merchants who violate the standards may be subject to fines and other penalties.
Many merchants are unaware they're storing unencrypted information
SecurityMetrics says that instances in which data is left unprotected may be unintentional. For example, some retailers may just be installing, designing or maintaining encryption software improperly. Unencrypted card data may also be the result of "improper card handling by employees," says SecurityMetrics.
"Today's business landscape is littered with merchants that don't know exactly what's on their system[s]," said SecurityMetrics director of forensic investigations, David Ellis, in a press release. "In the majority of cases we've investigated, the merchant was unaware their system was storing unencrypted payment card data. Merchants must take responsibility for their customers' card data, which in turn will benefit worldwide commerce in general."
Whatever the reason for the unencyrpted information, unprotected data is a serious threat, say security experts, and merchants must find ways to seal that data.
"There's so much going on in the security industry that it's sometimes difficult to target the most important things," explains SecurityMetrics CEO Brad Caldwell. "We think these findings are a game changer for the security industry, and will help focus priorities on the bigger problem plaguing merchants today. After all, criminals can't steal card data merchants don't have."See related: 7 reasons to accept smart cards; 6 tips for securing your payment system
Published: December 20,2021