100k Cards Breached - Avoid Being the Next in Line
Yet another example that today's hackers are more motivated by financial gain than ever before, with stolen payment cards continuing to be actively traded on the black market. In this example, an organisation in Finland was breached and over 100,000 payment cards were exposed. Whilst this is a small incident compared with others experienced over the past 5 years, it is a gentle reminder to organisations that store, transmit or process payment card data and, in particular, to those who remain unaware of what sensitive data resides on their internal and external systems.
Finland Data Breach results in over 100,000 payment cards stolen: http://www.yle.fi/uutiset/news/2010/02/hackers_get_data_on_10s_of_thousands_of_payment_cards_1464115.html
At Ground Labs we continually receive updates on the latest data compromises, which only continue to highlight the problem of insecure storage of sensitive information. A compromise earlier this year in Finland reminds us of the dangers faced by organisations that store, transmit or process payment cards.
Organisations that utilise Card Recon can reduce the risk of becoming the next victim of such a crime through the identification and removal of all unencrypted and unprotected Card Holder Data (CHD). We continue to hear from new customers who were already PCI Compliant and had their PCI QSA perform an onsite review against the 12 requirements of the PCI DSS, yet still found large volumes of stored payment card numbers the first time they ran Card Recon.
Whilst this example highlights the power of Card Recon, we remind all organisations that whether or not you decide to use Card Recon as part of your PCI Compliance programme, you must still ensure appropriate ongoing controls are in place to manage and limit further leakage of such information and enforce ongoing compliance with all aspects of the Payment Card Industry Data Security Standards (non-compliant storage is only one of the problems that we commonly see).
It is important to remember that being PCI Compliant is not a one-off event. It is an ongoing process that must be managed, maintained and continually verified to ensure an organisation continues to uphold a strong security posture for its systems, policies and procedures related to the transmission, processing and storage of payment card data.
For more information on Card Recon please visit our product information page.
For more information on PCI Compliance or to download the PCI DSS please visit the Payment Card Industry Security Standards Council website.