The Cardholder Data Discovery Tool for PCI Compliance.

Card Recon is a PCI Compliance Cardholder Data Discovery tool for searching emails, databases, documents and more.

Card Recon scans every single file on any Server, Workstation or supported storage device for credit card data that could easily be stolen. With details reported and support for 7 platforms, Card Recon is the PCI Compliance tool of choice for >300 QSAs and >2,500 merchants across 80 countries.

Cardholder Data Discovery for PCI compliance
Pricing Overview
1 year standard license (USD)
  • 1 target: $149.00 per target
  • 3 targets: $99.00 per target
  • 10 targets: $89.00 per target
  • 25 targets: $79.00 per target
  • 50 targets: $69.00 per target
  • 100 targets: $59.00 per target
Card Recon Features
Built for PCI Compliance

Getting the job done shouldn't require lots of effort.

With Card Recon’s intuitive user interface, you can begin a full-featured cardholder data discovery search with no configuration or fine-tuning.

Accurate and Powerful

Card Recon searches everything: desktops, file servers, email servers, database servers, images, audio files, documents and more.

Card Recon automatically understands hundreds of major file formats. If cardholder data is hiding, Card Recon will find it.

Search Almost Anything

Card Recon searches almost all offline and online storage locations, including workstations, file servers, NAS and SAN devices, Exchange, Gmail, Lotus Notes, Oracle, Amazon AWS Cloud and more.

PCI Compliance Reporting

Card Recon reports specify the file, document, email and/or database table where cardholder data was found, so you can directly target problem areas and secure them.

Reports can be exported in PDF, CSV, XML and raw text formats.

Powerful Remediation

What happens after Card Recon completes a search?

Card Recon lets you easily remediate findings, ensuring that sensitive data can be redacted, quarantined or permanently deleted.

8 Platforms with No Installation Required

Card Recon can be run from anywhere, even a USB drive, without installation or third-party software. And Card Recon supports eight platforms, including multiple CPU architectures.

Low CPU Usage

Card Recon uses only minimal CPU resources and memory. It's designed to minimise any impact on users or production applications, so there’s no need to schedule downtime.

Accuracy
Built for Accuracy

Our data discovery algorithm was built specifically to identify sensitive data. Rest assured that you're running the most accurate search possible. Card Recon analyses each possible finding hundreds of times at lightning speed to save you time while identifying genuine security risks.

Low False Positives

Tired of getting thousands of false positives with an open source or similar product? Card Recon uses a built-in false positive elimination algorithm to scrutinise every finding and deliver results you can trust with minimal false positives.

Inspects Everything

Millions of files, terabytes of data? No problem! When searching a target, Card Recon attempts to inspect every object, regardless of the file name or type. Most alternatives skip up to 60% of files if they are not supported — but that won't happen with Card Recon.

Hundreds of File Types

How many file formats are stored in your network? Card Recon identifies and reads the contents of hundreds of file formats, including office documents, text files, compressed files, databases, emails, images and audio files.

10 Card Brands

Card Recon has built-in support for ten major card types that are commonly used in more than 200 countries. This includes the five major card brands that require PCI compliance.

>160 PAN Formats

Card Recon recognises more than 160 combinations of PAN storage structures commonly used across ten card brands. Whether your data contains spaces, dashes or no separators at all, Card Recon will isolate and detect the PAN while minimising false positives.

Recognition of Test Cards

PCI DSS requires that no live cardholder data is used in development and test environments. Card Recon makes the task of validating this easy by recognising more than 10,000 of the most common test cards used by payment processors and payment gateways globally. Furthermore, you can exclude your own set of test card numbers from the findings.

Powerful Search Filters

Need to exclude certain locations or number ranges within your company? With Card Recon, you can improve the accuracy of your search even further by applying filters to handle certain data locations differently. Features permit re-categorising numbers and including or excluding data by range, location, prefix and suffix. Card Recon also includes a powerful Lua scripting feature for power users who want greater control.

Platform Support
Windows

All Microsoft-supported versions of 32- and 64-bit Windows systems, including Windows 2000, Windows XP, XP Embedded, Windows Vista, Windows 7, Windows 8 and Windows Server 2000/2003/2008/2012 on Intel x86 CPU architectures.

Mac OSX

Mac OSX 10.5 (Leopard) onwards on both Intel x86 and PowerPC CPU architectures.

Linux

All modern distributions of Linux supporting Kernel 2.4 and 2.6, including but not limited to CentOS, Debian, Fedora, Red Hat, Slackware, SUSE and Ubuntu on Intel x86 CPU architectures.

FreeBSD

Distributions of FreeBSD 6.x, 7.x, 8.x and 9.x on Intel x86 CPU architectures.

Solaris

Oracle-supported versions of Solaris, including 9.x, 10.x and 11.x on SPARC and Intel x86 CPU architectures.

HP-UX

HP-UX B11.11 for PA RISC and B.11.23 onward for Integrity (Intel Itanium) CPU architectures.

IBM AIX

AIX 5.3, 6.1, 7.1 on pSeries CPU architectures.

EBCDIC for Mainframes

Mid-range and Mainframe systems, with full support for IBM's Extended Binary Coded Decimal Interchange Code (EBCDIC) to read files copied from systems such as AS/400, S/390 and iSeries to be searched in their native form without modification.

File Formats
Text Files

Any text and markup language format including TXT, RTF, HTML, XML, and many more.

Office Documents

Popular office applications within Microsoft Office 95 / 97 / 2000 / XP / 2003 / 2007 / 2010 / 2013, Star Office, Open Office, Libre Office and Neo Office. Card Recon also provides full support for Adobe PDF documents.

Compressed Files

All the major and minor compression types in use today including 7zip, Bzip2, Gzip, LZMA, LZMA2, Ar, LZW (.Z), .EXE Self Extracting Executables, Microsoft Tape Backup Format, RAR, XZ, ZIP and all legacy codecs including implode, deflate, deflate64, bz2, lzma and ppmd.

Live and Offline Databases

Search live and offline databases with Card Recon to discover where cardholder data is stored. Live search eliminates any downtime or impact on offline/detached databases and their backups. Reporting displays the table name and, where available, column name. Card Recon also detects data stored as binary large objects (BLOBS).

Supported databases for live search include DB2, MySQL, Microsoft SQL Server, Oracle, PostgreSQL, and SAP Sybase.

Supported databases for offline, file-based search include Microsoft Access, SQLite, DBase, Microsoft SQL Server (MDF and LDF), and Microsoft Tape Binary backup (BKF) of an MSSQL server.

Live and Offline Email

Need to search a large email system with lots of mailboxes?

Card Recon can scan popular enterprise mail systems in live or offline mode. An email search includes attachments and detailed offline reports showing the sender, receiver and many other important details to identify how cardholder data is being stored and transmitted.

Offline file support includes Microsoft Outlook PST, OST (2003 - 2010), Outlook Express, Lotus Notes NSF, Thunderbird, Eudora, Exim, Courier, Postfix, QMail, Maildir, Sendmail, DBX, MBox, and any standard MIME data formats.

Live mail scanning includes Microsoft Exchange, Gmail for Business and Lotus Notes.

Images and Forms

Is your system storing scanned images or handwritten card numbers?

Some software solutions are unable to identify these data security risks, but Card Recon has built-in image decoding and optical character recognition (OCR) capabilities to read the contents of image files and discover typed or handwritten cardholder data with impressive accuracy.

Audio Files

Operate a call centre IVR that uses call recording?

Card Recon understands common audio file formats and will recognise cardholder data entered using a telephone keypad (DTMF tones) from pay-by-phone and IVR transactions which have been inadvertently recorded. Supported formats include WAV PCM 8/16bit mono/stereo.

Everything Else

PCI DSS requires that you are aware of all the locations where cardholder data is stored. Card Recon offers multiple ways to help you identify every instance, so you receive a complete picture of every single credit and debit card number that may be stored in your system.

Target Types
Local Storage

Search all local storage on a desktop, laptop, workstation or server, including fixed drives, removable drives and any accessible location where data can be stored.

Deleted Files

Do your employees discard sensitive data simply by deleting it? If so, you may be inadvertently storing sensitive data that can be recovered easily by commonly available tools. Card Recon solves this problem by searching all the free space on a local system for deleted files and identifying any remaining cardholder data.

Shadow Volumes

Windows automatically backs up file changes to a hidden area of your computer called a shadow volume. Most aren't aware that large volumes of sensitive data may be hiding here.

Card Recon helps you address this potential security risk by searching all shadow volumes for sensitive cardholder data.

Memory

With the rising use of memory scraping malware, your company needs the ability to audit the memory usage of applications for protection against data breaches. Card Recon simplifies this process by enabling auditing of memory for any cardholder data across any supported end-point.

Network Storage

Storing data on centralised SAN or NAS devices?

No problem. Card Recon enables remote scanning of network drives with advanced controls to reduce network impact by limiting the speed of data transfer.

Database Servers

Running mission-critical enterprise databases?

Card Recon enables live searching of the most popular enterprise database servers, including Oracle, DB2, Microsoft SQL Server, SAP Sybase, MySQL and PostgreSQL.

Email Servers

Want to scan a live email server or a specific user mailbox?

Card Recon can scan most popular email services live via a standard IMAP connection. Native support is included for Microsoft Exchange, Lotus Notes and Gmail. When scanning a mailbox, you can rest assured that Card Recon will search every available email and any attachments, including multi-layered compressed files.

The Cloud

The Cloud is everywhere. Does that mean your cardholder data storage is everywhere too?

Cloud data storage is proliferating, so it must be searched for cardholder data. Card Recon remotely searches popular Cloud platforms, including Amazon AWS and Google Apps (Calendar, Drive, Mail, and Tasks).

Reporting
Clear Summary

Immediately see your total risk position, including a breakdown of normal and prohibited (Track1/2) findings.

Target Location

Card Recon displays a complete breakdown by target type showing you the highest risk areas of all targets searched, so you know precisely where each set of findings is located.

Card Type

If Card Recon finds multiple card types, a breakdown is included in your report.

File Type

View a detailed breakdown of every finding on each end-point, including every file, database, and email containing sensitive data with a complete count of data types.

Emails

If Card Recon finds emails with cardholder data, the report will identify which emails contain cardholder data, including the sender, recipient(s), subject and timestamp. The report will also list attachments containing cardholder data, if applicable.

Databases

Card Recon details the contents of any recognised databases so you can see the table names and, in some cases, the column names where cardholder data was found.

Masked PAN Samples

For those who seek even more detail, Card Recon displays a sample of masked PANs found in each file. This allows you to perform further verification of findings at the file level.

Multiple Viewing Options

Card Recon displays reports on screen, via email and as an offline report for use with another Card Recon instance. Available report formats include HTML, text, CSV and PDF.

Remediation
Secure Delete

Don't need to retain any of the data? Card Recon’s Secure Delete feature can be used on accessible stored files to permanently erase any trace of the data, rendering it completely unrecoverable by undelete and forensic tools.

Secure Quarantine

Want to keep the data, but need to store it more securely? Secure Quarantine lets you move accessible files to a secure location while permanently erasing them from the location where they were found.

Mask Cardholder Data

Want to eliminate the sensitive PAN data, but keep all the surrounding data? The Cardholder Data Masking feature enables masking of each PAN within text-based log files, configuration files and other simple file types stored on disk. For example, 1234000000005678 becomes 123400xxxxxx5678, thus rendering the data PCI DSS compliant.


Please note: Not all file formats or target types allow remediation actions to be performed.

Want More?
On-Screen File Viewer

When Card Recon finds something, it shows you exactly where. Card Recon shows you the contents of a file and highlights exactly where the cardholder data was discovered. This simplifies the verification of results.

Mark and Classify Findings

As you review each finding, you can tag it with an appropriate classification marking. Then you can enhance the Card Recon report by displaying a breakdown by classification markings.

Portable Results

Want to generate results on one host and view the reports from another? No problem. Card Recon’s Results Database enables this whilst using AES 128-bit encryption to ensure your Card Recon result data stays secure.

Suspend Search Schedule

Want to suspend a Card Recon search during a particular time window to create a backup or perform maintenance? Card Recon has an automatic suspend search feature that can be used to halt a Card Recon search during specific times of the day when high-load tasks are running.

User Authentication

Want to limit who can run Card Recon within your organisation? Card Recon offers offline and online authentication options. In online mode, Card Recon access can be restricted to require a username and password, or you can opt for simplified authentication using a scan activation token. Alternatively, an offline license can be used for systems operating in a locked-down DMZ.

Command Line and GUI

Card Recon offers a beautiful, powerful, and simple graphical user interface (GUI) for Windows platforms. Power users may prefer the command line version, which is available for all platforms.

Multiple Reports

Want to save multiple reports in different locations? Card Recon makes it simple to specify multiple locations and formats when saving search results for multiple users.
