Card Recon 3.0.2

Compliance Report

The Card Recon compliance report summarizes all of Card Recon’s findings from a given scan.

Compliance report summarizing the clean locations, match count, Target count and remediation status of match locations.

Label Description
a Date and status of scan

Gives the host name of the host scanned, the date the scan started, and the date the scan was completed or stopped.

If the scan was canceled or stopped (you cannot generate a compliance report unless you complete or stop a scan), the report will state that the scan was "(canceled)".

b Compliance summary

Summary of clean locations, match instances, and locations that contain prohibited matches.

c Scan parameters

Summary of parameters applied to the scan, such as search filters and types of card data.

d Host and scan configuration

Gives the host's IP address, the host's operating system, the total size of the data scanned, the version of Card Recon, and licensee details.

e Target summary

Shows the number of match locations and the number of matches, organized by targets.

Also shows the number of locations that cannot be accessed by Card Recon.

f Search Summary

Shows a summary of all match details.

  • Overview
    Provides total number of non-compliant match locations and total number of non-compliant matches found during the scan.
    Remediating and marking matches as "Remediated Manually", "False Match", and "Test Data" will reduce the number of non-compliant matches added to this match overview.
    See the section below on "Match status".
  • "By Status"
    Shows matches organized by status. See the section below on "Match status".
  • "By Card Brand"
    Shows matches organized by card brand; see Selecting Card Data Types.
  • "By Content Type"
    Shows matches organized by file format types.
    Card Recon has native support for certain file formats, and will scan these files with the appropriate decoder.
    For formats that Card Recon does not have native support for, Card Recon will decode by brute force.
    Matches found in files that Card Recon has scanned but does not have native support for will be reported as "Text or unknown" in the "By Content Type" category.

g Match detail and status

MATCH DETAIL

Match details are sorted into 3 columns:

  • "Test"
    The scanned locations that contain matches for test card patterns. These matches should not affect PCI compliance.
  • "Prohibited"
    The number of scanned locations that contain non-compliant match data. These locations should be checked and remediated for non-compliance as soon as possible.
  • "Cardholder"
    The total number of match instances found during the scan.

MATCH STATUS

Matches can be labeled with 6 different statuses. How a match is labeled will determine how it is reported in the compliance report.

  • "Unconfirmed Matches"
    "Unconfirmed" matches are data that match Card Recon's search patterns, and are likely to contain non-compliant data.
    This data should be reviewed and marked as "confirmed", a "false match", or "test data".
    Matches found during an initial scan are marked as "unconfirmed" by default, and require review by the user.
  • "Confirmed Matches"
    "Confirmed" matches are matches that have been reviewed by the user and are found to contain non-compliant data.
  • "Remediated using Card Recon" *
    Matches that have been marked as "Remediated using Card Recon" are confirmed matches that have been remediated using Card Recon's built-in remediation tools.
    Remediating matches with Card Recon's built-in remediation tools will automatically mark them as "Remediated using Card Recon".
  • "Remediated Manually" *
    Matches that have been marked as "Remediated Manually" are confirmed matches that have been marked by a user as remediated with tools outside of Card Recon.
    Marking matches as having been "Remediated Manually" will not alter existing data.
    Card Recon cannot guarantee that matches that have been marked as manually remediated have been effectively remediated to comply with PCI DSS.
  • "False Match" *

    Matches that have been marked as a "False Match" are matches that have been reviewed and found to be false positives.

    When marking a match as a false match, Card Recon will ask if you would like to:

    • "Send encrypted false match samples to Ground Labs for permanent resolution": This would securely send data that you mark as false matches to Ground Labs so that future scans can be improved.
    • "Update configuration to exclude identical matches from future searches": This would update Card Recon's current search filters for the current session, and save a configuration file that contains a custom search filter to exclude the data marked as a false match from future searches. (For more information, see Save and Load Options).

    Search filters for the current session will only update if you check the "Update configuration to exclude identical matches from future searches" option before clicking Okay to confirm that the selected match is a false match.
  • "Test Data" *

    Matches that have been marked as "Test Data" are matches that have been reviewed and found to match data that are from test data sets.

    When marking a match as test data, Card Recon will ask if you would like to:

    • "Update configuration to exclude identical matches from future searches": This would update Card Recon's current search filters for the current session, and save a configuration file that contains a custom search filter to exclude the data marked as a false match from future searches. (For more information, see Save and Load Options).

    Search filters for the current session will only update if you check the "Update configuration to exclude identical matches from future searches" option before clicking Okay to confirm that the selected match is a false match.