Credit card and debit card details are being stored unencrypted
Companies are unwittingly storing payment information, leaving them open to fraud, Ground Labs claims.
UK businesses are taking inadequate steps to safeguard customers' credit and debit card details, storing them in unencrypted files where they are at risk of being stolen.
Data security firm Ground Labs, discovered that each respondent was, on average, holding in excess of 1,000 customer credit card records in basic, unsecured files, such as Excel spreadsheets, pdfs and PSTs. Worryingly, the organisations in most cases had no idea they had the data stored.
A routine check (to see if card data is being stored) should be as frequent as anti-virus checks.
Storing data in this way increases the risk of a data breach, Ground Labs claims, and is a contravention of Payment Card Industry Data Security Standards compliance obligations. If customer data were to be accessed by an outside agent, or accidentally published or lost, it could also result in a 500,000 fine for the company in question.
The findings come just one month after the publication of a report by Financial Fraud Action UK, which showed 341 million was stolen from UK credit and debit cards over the course of 2011.
Mohamed Zouine, European director for Ground Labs, said: "There are many ways in which card details can remain on business's IT infrastructure unwittingly. Transaction logs sent back from banks, browser caches, email duplications and more can hold sensitive data that has a black market value in the wrong hands and can be used to defraud consumers."
"Even those businesses that believe that their systems are clean are carrying records that could be easily acquired by hackers. We believe a routine check [to see if card data is being stored] should be as frequent as anti-virus checks," he said.
An ICO spokesperson told IT Pro that Organisations must keep track of the personal data they are processing, otherwise they may risk breaching the Data Protection Act.
"Good information handling makes good business sense: it is in a business's best interests that they get it right when it comes to looking after people's information," it added.
The definitive guide to warehouse efficiency
Get your free guide to creating efficiencies in the warehouseFree download
The total economic impact™ of Datto
Cost savings and business benefits of using Datto Integrated SolutionsDownload now
Three-step guide to modern customer experience
Support the critical role CX plays in your businessFree download
The global state of the channelDownload now