Findings from SecurityMetrics' Credit Card Discovery Tool
SecurityMetrics PANscan® is a card data discovery tool that businesses use to search for unprotected credit card data and to help confirm their PCI DSS audit scope.
Using automated card data discovery tools helps businesses find primary account numbers (PAN) on computer systems, networks, hard drives, and attached storage devices. Many businesses experience compromise because simple steps are not taken to ensure security. PANscan is a simple tool that helps limit business liability.
How much unencrypted card data has PANscan® found?
Since 2010, SecurityMetrics PANscan® has discovered about 2 billion unencrypted primary account numbers (PAN) on business networks. Storage of unencrypted payment card data increases your organization's risk and liability in the event of a data breach.
In 2018, the results of SecurityMetrics’ PANscan showed that, of users scanned, 85% had unencrypted payment card data on their devices and systems, adding up to over 114 million cards found. While a few results are false positives, many businesses have successfully used the tool to remove unencrypted card data unintentionally stored on devices and systems, which could have been vulnerable to data breaches, data theft, and data leaks.
The percentage of businesses that improperly stored PAN has gone up each year: 61% in 2015, 67% in 2016, 69% in 2017, and then a sharp rise to 85% in 2018.
Alarmingly, 5% of businesses store magnetic full-track data, which is never permitted by the PCI DSS.