Introduction

One of the most challenging areas of the PCI DSS and PCI PA-DSS concerns the storage and protection of payment card data. Organisations have traditionally had difficulty verifying where cardholder data is being stored and whether it is being protected.

The Importance of PCI Compliance and Secure Payment Card Data Storage

Insecure storage of payment card data is irresponsible. It also violates many requirements stated in the PCI DSS (Payment Card Industry Data Security Standard). Insecure storage also leaves payment card numbers vulnerable to hacking attempts and data compromise, leading to credit card fraud.

Secure storage can be achieved by scanning your system for payment card numbers. After scanning, any numbers found in your system should be encrypted and stored in an unreadable state. This approach enables an organization to verify that any stored payment card numbers are useless to hackers and other individuals with malicious intent.

The Threat of Identity Theft

Identity theft is one of the biggest problems faced by the payment card community today. Hackers and identity thieves make a living by stealing important personal information such as names, social security numbers and payment card data. Once they have obtained such information, they may choose to use it themselves or sell it on the black market for as much as US $20 per record or more.

This type of theft is often a silent one. Many people continue with their daily activities without knowing whether their identities have been stolen, and they end up finding out too late. Most of them realize what is going on only when they view a credit card statement showing transactions they have no prior knowledge of.

These situations are avoidable, and prevention starts at the initial capture point for a transaction: the merchant. The most important prevention method to avoid common data compromises is to ensure secure storage of payment card data.

The Need for Regular System Scans

Regular checking and network scanning is necessary, especially for companies that constantly deal with payment card data. This is to ensure no payment card data is left in a readable state. No matter how careful companies claim to be, there is always a chance that an unencrypted number is left out in the open. It may be stored in emails, spreadsheets, temporary text files or other forms of unsecured storage or transmission channels.

A regular scan is also important because, in the event of a system compromise, hackers will not be able to find as many unencrypted numbers as they would have if the system had not been scanned. A periodic check will also help a company become compliant with the PCI standards.

Customer Trust and Confidence

With the alarming rate of identity theft cases, customers themselves are on high alert. They no longer give out their payment card numbers haphazardly. They only entrust these numbers to stores and companies which they know will safely store their private data.

Organizations that constantly handle payment card numbers need to provide assurance to customers that their accounts are safe and secure.

You can achieve safe storage and conduct regular system scans by using specialized software such as Card Recon Standard Edition. This software will assist in achieving PCI compliance for any systems that store or handle payment card information. It will also provide verification that your clients' payment card numbers are not inappropriately stored, which could lead to theft of data.