Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Hackers Want Unencrypted Card Data

766 views

Published on

Unfortunately, retailers contribute to the 70% of businesses that store unencrypted payment card data against Payment Card Industry regulations. Retailers must learn how to securely delete or encrypt this information to protect customers, decrease their liability, and reduce the likelihood of exploitation’s financial burden. Download a trial of PANscan for free here: www.securitymetrics.com/panscan

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Hackers Want Unencrypted Card Data

  1. 1. fraudsters job easierSecuring Payments:Don’t Make a Hacker’s Job Easier
  2. 2. SecurityMetrics
  3. 3. #1 Thing Our Forensics Team Hears…“I had no idea I wasstoring any carddata…”
  4. 4. Hacked Business = Stored Data95% of SecurityMetricsforensic investigations findunencrypted payment carddata on merchant systems
  5. 5. Costs of Compromise & Non Compliance• $500,000/card brand - Card brand non-compliance fees (Visa)• $10,000-15,000 – Forensic analysis• $613/card– Fraud reimbursement (Gartner)• $2-5/card- Card replacement (Gartner)• $15,000 - Security updates• $561,495 - Notification costs (Ponemon)• $20/mo - Processor non-compliance fees• $5/account - Account monitoring• $78,4364- Business loss (Ponemon)• Total:– Average organizational cost per breach: $5.5 million (Ponemon)
  6. 6. What is Unencrypted Card Data?Magnetic stripedataPAN (Primaryaccount number)Personalinformation
  7. 7. Main Problems1. Unencrypted carddata is the #1 reasonhackers targetbusinesses2. Businesses don’tknow if they storecard data
  8. 8. Hackers Search for Low Hanging Fruit• Many businesses mayhave weaknesses thatleak data• Often overlookIT/service providers• Card data is easy tosteal, lucrative on theblack market
  9. 9. Putting It Into Perspective• 27.9 million smallbusinesses in U.S.• Say each stored 10unencrypted credit cards• 279 million cardsaccessible to hackers viaU.S. business networks.
  10. 10. Investigatedmore than 2,000businesses
  11. 11. What We Found71% storeunencrypted payment dataon their business networkTotal cards found: 315 MILLION
  12. 12. Most Targeted Industries• Financial• Hospitality• Retail
  13. 13. Storing Unknowingly• Improper deletion• Payment applications– Not PCI compliant– Improperly configured
  14. 14. Storing Knowingly• Reoccurring billing• Chargeback/refund• Often stored inMicrosoft Word orExcel• Comments/notes
  15. 15. PCI Council Guidelines“…you really need touse some kind ofmethodology to findwhere cardholderdata is on thenetwork…”Bob Russo, PCI Council
  16. 16. Removing Card Data?• Impossible to manually locate data• Use a card data discovery tool
  17. 17. A Superior Card Discovery Tool• Exhaustive search capability• Easy-to-understand report• Shows # and location of data• Never stores, transmits, or displaysfull payment card data• Efficient on resources
  18. 18. Example: PANscan®• 6,000 businesses use PANscantechnology to search network• Simple, fast,accurate• Try for free
  19. 19. They Can’t Steal Data You Don’t HaveIf businesses begin to regularlyscan their enterprise networks witha card data discovery tool, millionswill be protected from identity theftand cyber fraud.
  20. 20. =

×