Credit card and debit card details are being stored unencrypted

Companies are unwittingly storing payment information, leaving them open to fraud, Ground Labs claims.

digital padlocks

UK businesses are taking inadequate steps to safeguard customers' credit and debit card details, storing them in unencrypted files where they are at risk of being stolen.

Data security firm Ground Labs, discovered that each respondent was, on average, holding in excess of 1,000 customer credit card records in basic, unsecured files, such as Excel spreadsheets, pdfs and PSTs. Worryingly, the organisations in most cases had no idea they had the data stored.

A routine check (to see if card data is being stored) should be as frequent as anti-virus checks.

Storing data in this way increases the risk of a data breach, Ground Labs claims, and is a contravention of Payment Card Industry Data Security Standards compliance obligations. If customer data were to be accessed by an outside agent, or accidentally published or lost, it could also result in a 500,000 fine for the company in question.

The findings come just one month after the publication of a report by Financial Fraud Action UK, which showed 341 million was stolen from UK credit and debit cards over the course of 2011.

Mohamed Zouine, European director for Ground Labs, said: "There are many ways in which card details can remain on business's IT infrastructure unwittingly. Transaction logs sent back from banks, browser caches, email duplications and more can hold sensitive data that has a black market value in the wrong hands and can be used to defraud consumers."

"Even those businesses that believe that their systems are clean are carrying records that could be easily acquired by hackers. We believe a routine check [to see if card data is being stored] should be as frequent as anti-virus checks," he said.

An ICO spokesperson told IT Pro that Organisations must keep track of the personal data they are processing, otherwise they may risk breaching the Data Protection Act.

"Good information handling makes good business sense: it is in a business's best interests that they get it right when it comes to looking after people's information," it added.

Featured Resources

The definitive guide to warehouse efficiency

Get your free guide to creating efficiencies in the warehouse

Free download

The total economic impact™ of Datto

Cost savings and business benefits of using Datto Integrated Solutions

Download now

Three-step guide to modern customer experience

Support the critical role CX plays in your business

Free download

Ransomware report

The global state of the channel

Download now

Recommended

Cyber criminals leak one million credit cards on the dark web
cyber crime

Cyber criminals leak one million credit cards on the dark web

10 Aug 2021
SentiLink raises $70 million for its identity verification platform
identity theft

SentiLink raises $70 million for its identity verification platform

5 Aug 2021
ICO launches AI risk assessment toolkit for businesses
Information Commissioner

ICO launches AI risk assessment toolkit for businesses

21 Jul 2021
What is the Information Commissioner’s Office (ICO)?
Information Commissioner

What is the Information Commissioner’s Office (ICO)?

15 Jul 2021

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

17 Sep 2021
London ranks second to Silicon Valley as world's best startup hub
startups

London ranks second to Silicon Valley as world's best startup hub

22 Sep 2021
What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

8 Sep 2021