View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

No lessons learnt – 61% still store unencrypted payment data

Have businesses learnt nothing from high profile data breaches & hacks?

By CBR Staff Writer

Despite high profile incidents of storing unencrypted customer payment data, a study from SecurityMetrics has found that 61%of businesses still store the unencrypted 16-digit sequence on the front of credit cards, also known as the Primary Account Number (PAN).

SecurityMetric’s PANscan tool scanned 204,332 GB of data on 3,627 computers and found that there are 332,263,315 unencrypted payment cards.

Though the number of unencrypted PAN data has dropped 2% since 2014, 7% of businesses still store full magnetic stripe data, including PIN, CVV, service code, expiration date, cardholder name, and PAN.

SecurityMetrics Security Assessment director Gary Glover said, "Unencrypted storage continues to be an issue among merchants, even with new technologies like EMV.

"EMV-enabled payment terminals can still be used to make a payment transaction using an optional mag stripe swipe process, which means there’s still an opportunity for misconfigured software to inadvertently capture and store full track data."

Glover added, "I expect the trend of unencrypted card data storage to steadily but slowly decline each year."

"The sooner businesses implement point-of-sale encryption technology like P2PE (encrypt at swipe), the sooner stored unencrypted data will become a thing of the past."

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.