Credit card and debit card details are being stored unencrypted
Companies are unwittingly storing payment information, leaving them open to fraud, Ground Labs claims.
UK businesses are taking inadequate steps to safeguard customers' credit and debit card details, storing them in unencrypted files where they are at risk of being stolen.
Data security firm Ground Labs, discovered that each respondent was, on average, holding in excess of 1,000 customer credit card records in basic, unsecured files, such as Excel spreadsheets, pdfs and PSTs. Worryingly, the organisations in most cases had no idea they had the data stored.
A routine check (to see if card data is being stored) should be as frequent as anti-virus checks.
Storing data in this way increases the risk of a data breach, Ground Labs claims, and is a contravention of Payment Card Industry Data Security Standards compliance obligations. If customer data were to be accessed by an outside agent, or accidentally published or lost, it could also result in a 500,000 fine for the company in question.
The findings come just one month after the publication of a report by Financial Fraud Action UK, which showed 341 million was stolen from UK credit and debit cards over the course of 2011.
Mohamed Zouine, European director for Ground Labs, said: "There are many ways in which card details can remain on business's IT infrastructure unwittingly. Transaction logs sent back from banks, browser caches, email duplications and more can hold sensitive data that has a black market value in the wrong hands and can be used to defraud consumers."
"Even those businesses that believe that their systems are clean are carrying records that could be easily acquired by hackers. We believe a routine check [to see if card data is being stored] should be as frequent as anti-virus checks," he said.
An ICO spokesperson told IT Pro that Organisations must keep track of the personal data they are processing, otherwise they may risk breaching the Data Protection Act.
"Good information handling makes good business sense: it is in a business's best interests that they get it right when it comes to looking after people's information," it added.
BCDR buyer's guide for MSPs
How to choose a business continuity and disaster recovery solutionDownload now
The definitive guide to IT security
Protecting your MSP and your customersDownload now
Cost of a data breach report 2020
Find out what factors help mitigate breach costsDownload now
The complete guide to changing your phone system provider
Optimise your phone system for better business resultsDownload now