Credit card and debit card details are being stored unencrypted

Companies are unwittingly storing payment information, leaving them open to fraud, Ground Labs claims.

UK businesses are taking inadequate steps to safeguard customers' credit and debit card details, storing them in unencrypted files where they are at risk of being stolen.

Data security firm Ground Labs discovered that each respondent was, on average, holding in excess of 1,000 customer credit card records in basic, unsecured files, such as Excel spreadsheets, PDFs and PSTs. Worryingly, in most cases the organisations had no idea they had the data stored.

Storing data in this way increases the risk of a data breach, Ground Labs claims, and is a contravention of Payment Card Industry Data Security Standards compliance obligations. If customer data were to be accessed by an outside agent, or accidentally published or lost, it could also result in a £500,000 fine for the company in question.

The findings come just one month after the publication of a report by Financial Fraud Action UK, which showed £341 million was stolen from UK credit and debit cards over the course of 2011.

Mohamed Zouine, European director for Ground Labs, said: "There are many ways in which card details can remain on business's IT infrastructure unwittingly. Transaction logs sent back from banks, browser caches, email duplications and more can hold sensitive data that has a black market value in the wrong hands and can be used to defraud consumers."

"Even those businesses that believe that their systems are clean are carrying records that could be easily acquired by hackers. We believe a routine check [to see if card data is being stored] should be as frequent as anti-virus checks," he said.

An ICO spokesperson told IT Pro that organisations must keep track of the personal data they are processing, otherwise they may risk breaching the Data Protection Act.

"Good information handling makes good business sense: it is in a business's best interests that they get it right when it comes to looking after people's information," it added.
