The Cardholder Data Discovery Tool
for PCI Compliance.
Card Recon is a PCI Compliance Cardholder Data Discovery tool for searching emails, databases, documents and more.
Card Recon scans every single file on any Server, Workstation or supported storage device for credit card data that could easily be stolen. With details reported and support for 7 platforms, Card Recon is the PCI Compliance tool of choice for >300 QSA's and >2,500 merchants across 80 countries.
1 year standard license (USD)
1 target$149.00per target
3 targets$99.00per target
10 targets$89.00per target
25 targets$79.00per target
50 targets$69.00per target
100 targets$59.00per target
Getting the job done shouldn't require lots of effort.
With Card Recon’s intuitive user interface, you can begin a full-featured cardholder data discovery search with no configuration or fine-tuning.
Card Recon searches everything: desktops, file servers, email servers, database servers, images, audio files, documents and more.
Card Recon automatically understands hundreds of major file formats. If cardholder data is hiding, Card Recon will find it.
Card Recon searches almost all offline and online storage locations, including workstations, file servers, NAS and SAN devices, Exchange, Gmail, Lotus Notes, Oracle, Amazon AWS Cloud and more.
Card Recon reports specify the file, document, email and/or database table where cardholder data was found, so you can directly target problem areas and secure them.
Reports can be exported in PDF, CSV, XML and raw text formats.
What happens after Card Recon completes a search?
Card Recon lets you easily remediate findings, ensuring that sensitive data can be redacted, quarantined or permanently deleted.
Card Recon can be run from anywhere, even a USB drive, without installation or third-party software. And Card Recon supports eight platforms, including multiple CPU architectures.
Card Recon uses only minimal CPU resources and memory. It's designed to minimise any impact on users or production applications, so there’s no need to schedule downtime.
Our data discovery algorithm was built specifically to identify sensitive data. Rest assured that you're running the most accurate search possible. Card Recon analyses each possible finding hundreds of times at lightning speed to save you time while identifying genuine security risks.
Tired of getting thousands of false positives with an open source or similar product? Card Recon uses a built-in false positive elimination algorithm to scrutinise every finding and deliver results you can trust with minimal false positives.
Millions of files, terabytes of data? No problem! When searching a target, Card Recon attempts to inspect every object, regardless of the file name or type. Most alternatives skip up to 60% of files if they are not supported — but that won't happen with Card Recon.
How many file formats are stored in your network? Card Recon identifies and reads the contents of hundreds of file formats, including office documents, text files, compressed files, databases, emails, images and audio files.
Card Recon has built-in support for ten major card types that are commonly used in more than 200 countries. This includes the five major card brands that require PCI compliance.
Card Recon recognises more than 160 combinations of PAN storage structures commonly used across ten card brands. Whether your data contains spaces, dashes or no separators at all, Card Recon will isolate and detect the PAN while minimising false positives.
PCI DSS requires that no live cardholder data is used in development and test environments. Card Recon makes the task of validating this easy by recognising more than 10,000 of the most common test cards used by payment processors and payment gateways globally. Furthermore, you can exclude your own set of test card numbers from the findings.
Need to exclude certain locations or number ranges within your company? With Card Recon, you can improve the accuracy of your search even further by applying filters to handle certain data locations differently. Features permit re-categorising numbers and including or excluding data by range, location, prefix and suffix. Card Recon also includes a powerful LUA scripting feature for power users who want greater control.
All Microsoft-supported versions of 32- and 64-bit Windows systems, including Windows 2000, Windows XP, XP Embedded, Windows Vista, Windows 7, Windows 8 and Windows Server 2000/2003/2008/2012 on Intel x86 CPU architectures.
Mac OSX 10.5 (Leopard) onwards on both Intel x86 and PowerPC CPU architectures.
All modern distributions of Linux supporting Kernel 2.4 and 2.6, including but not limited to Centos, Debian, Fedora, Redhat, Slackware, SUSE and Ubuntu on Intel x86 CPU architectures.
Distributions of FreeBSD 6.x, 7.x, 8.x and 9.x on Intel x86 CPU architectures.
Oracle-supported versions of Solaris, including 9.x, 10.x and 11.x on SPARC and Intel x86 CPU architectures.
HP-UX B11.11 for PA RISC and B.11.23 onward for Integrity (Intel Itanium) CPU architectures.
AIX 5.3, 6.1, 7.1 on pSeries CPU architectures.
Mid-range and Mainframe systems, with full support for IBM's Extended Binary Coded Decimal Interchange Code (EBCDIC) to read files copied from systems such as AS/400, S/390 and iSeries to be searched in their native form without modification.
Any text and markup language format including TXT, RTF, HTML, XML, and many more.
Popular office applications within Microsoft Office 95 / 97 / 2000 / XP / 2003 / 2007 / 2010 / 2013, Star Office, Open Office, Libre Office and Neo Office. Card Recon also provides full support for Abode PDF documents.
All the major and minor compression types in use today including 7zip, Bzip2, Gzip, LZMA, LZMA2, Ar, LZW (.Z), .EXE Self Extracting Executables, Microsoft Tape Backup Format, RAR, XZ, ZIP and all legacy codecs including implode, deflate, deflate64, bz2, lzma and ppmd.
Search live and offline databases with Card Recon to discover where cardholder data is stored. Live search eliminates any downtime or impact on offline/detached databases and their backups. Reporting displays the table name and, where available, column name. Card Recon also detects data stored as binary large objects (BLOBS).
Supported databases for live search include DB2, MySQL, Microsoft SQL Server, Oracle, PostgreSQL, and SAP Sybase.
Supported databases for offline, file-based search include Microsoft Access, SQLite, DBase, Microsoft SQL Server (MDF and LDF), and Microsoft Tape Binary backup (BKF) of an MSSQL server.
Need to search a large email system with lots of mailboxes?
Card Recon can scan popular enterprise mail systems in live or offline mode. An email search includes attachments and detailed offline reports showing the sender, receiver and many other important details to identify how cardholder data is being stored and transmitted.
Offline file support includes Microsoft Outlook PST, OST (2003 - 2010), Outlook Express, Lotus Notes NSF, Thunderbird, Eudora, Exim, Courier, Postfix, QMail, Maildir, Sendmail,DBX, MBox, and any standard MIME data formats.
Live mail scanning includes Microsoft Exchange, Gmail for Business and Lotus Notes.
Is your system storing scanned images or handwritten card numbers?
Some software solutions are unable to identify these data security risks, but Card Recon has built-in Image decoding and optical character recognition (OCR) capabilities to read the contents of image files and discover typed or handwritten cardholder data with impressive accuracy.
Operate a call centre IVR that uses call recording?
Card Recon understands common audio file formats and will recognise cardholder data entered using a telephone keypad (DTMF tones) from pay-by-phone and IVR transactions which have been inadvertently recorded. Supported formats include WAV PCM 8/16bit mono/stereo.
PCI DSS requires that you are aware of all the locations where cardholder data is stored. Card Recon offers multiple ways to help you identify every instance, so you receive a complete picture of every single credit and debit card number that may be stored in your system.
Search all local storage on a desktop, laptop, workstation or server, including fixed drives, removable drives and any accessible location where data can be stored.
Do your employees discard sensitive data simply by deleting it? If so, you may be inadvertently storing sensitive data that can be recovered easily by commonly available tools. Card Recon solves this problem by searching all the free space on a local system for deleted files and identifying any remaining cardholder data.
Windows automatically backs up file changes to a hidden area of your computer called a shadow volume. Most aren't aware that large volumes of sensitive data may be hiding here.
Card Recon helps you address this potential security risk by searching all shadow volumes for sensitive cardholder data.
With the rising use of memory scraping malware, your company needs the ability to audit the memory usage of applications for protection against data breaches. Card Recon simplifies this process by enabling auditing of memory for any cardholder data across any supported end-point.
Storing data on a centralised SAN or NAS devices?
No problem. Card Recon enables remote scanning of network drives with advanced controls to to reduce network impact by limiting the speed of data transfer.
Running mission-critical enterprise databases?
Card Recon enables live searching of the most popular enterprise database servers, including Oracle, DB2, Microsoft SQL Server, SAP Sybase, MySQL and PostgreSQL.
Would you like to scan a user mailbox on a live email server?
Card Recon can scan most popular email services live via a standard IMAP connection including Microsoft Exchange, Gmail and more. When scanning a mailbox, Card Recon searches every email within your chosen mailbox(s) and any attachments, including multilayered compressed files.
The Cloud is everywhere. Does that mean your cardholder data storage is everywhere too?
Cloud data storage is proliferating, so it must be searched for cardholder data. Card Recon remotely searches popular Cloud platforms, including Amazon AWS and Google Apps (Calendar, Drive, Mail, and Tasks).
Immediately see your total risk position, including a breakdown of normal and prohibited (Track1/2) findings.
Card Recon displays a complete breakdown by target type showing you the highest risk areas of all targets searched, so you know precisely where each set of findings is located.
If Card Recon finds multiple card types, a breakdown is included in your report.
View a detailed breakdown of every finding on each end-point, including every file, database, and email containing sensitive data with a complete count of data types.
If Card Recon finds emails with cardholder data, the report will identify which emails contain cardholder data, including the sender, recipient(s), subject and timestamp. The report will also list attachments containing cardholder data, if applicable.
Card Recon details the contents of any recognised databases so you can see the table names and, in some cases, the column names where cardholder data was found.
For those who seek even more detail, Card Recon displays a sample of masked PANs found in each file. This allows you to perform further verification of findings at the file level.
Card Recon displays reports on screen, via email and as an offline report for use with another Card Recon instance. Available report formats include HTML, text, CSV and PDF.
Don't need to retain any of the data? Card Recon’s Secure Delete feature can be used on accessible stored files to permanently erase any trace of the data, rendering it completely unrecoverable by undelete and forensic tools.
Want to keep the data, but need to store it more securely? Secure Quarantine lets you move accessible files to a secure location while permanently erasing it from the location where it was found.
Want to eliminate the sensitive PAN data, but keep all the surrounding data? The Cardholder Data Masking feature enables masking of each PAN within text based log files, configuration files and other simple files types stored on disk. For example, 1234000000005678 becomes 123400xxxxxx5678, thus rendering the data PCI DSS compliant.
Do you have a business-justified reason to be storing sensitive data, yet can’t afford to let it fall into the wrong hands? Secure sensitive yet important data via encryption, locking the files down with a password only relevant parties will know.
When Card Recon finds something, it shows you exactly where. Card Recon shows you the contents of a file and highlights exactly where the cardholder data was discovered. This simplifies the verification of results.
As you review each finding, you can tag it with an appropriate classification marking. Then you can enhance the Card Recon report by displaying a breakdown by classification markings.
Want to generate results on one host and view the reports from another? No problem. Card Recon’s Results Database enables this whilst using AES 128-bit encryption to ensure your Card Recon result data stays secure.
Want to suspend a Card Recon search during a particular time window to create a backup or perform maintenance? Card Recon has an automatic suspend search feature that can be used to halt a Card Recon search during specific times of the day when high-load tasks are running.
Want to limit who can run Card Recon within your organisation? Card Recon offers offline and online authentication options. In online mode, Card Recon access can be restricted to require a username and password, or you can opt for simplified authentication using a scan activation token. Alternatively, an offline license can be used for systems operating in a locked-down DMZ.
Want to save multiple reports in different locations? Card Recon makes it simple to specify multiple locations and formats when saving search results for multiple users.