"Because of its value on the black market, unencrypted card data, is essentially just a $50 bill lying on the sidewalk, waiting for a hacker to pick it up," said SecurityMetrics Director of Forensic Investigations, David Ellis. "Unencrypted card data is the 'low hanging fruit' that is ripe for easy picking, and it's what attackers first look for when they hack a business."
During its 2014 study, PANscan scanned 145,144 gigs of data on 2,590 computers and found:
- A total of 87,206,203 unencrypted payment cards
- 63.86% of businesses store unencrypted PAN data
- 7.37% of businesses store full magnetic stripe data, including PIN, CVV, service code, expiration date, cardholder name, and PAN.
"Unencrypted card data can easily occur at both small and large retail locations," said Gary Glover, Director of Security Assessment. "It may accidentally be saved on point of sale terminals, office workstations, hard drives, etc. due to misconfigured software, improper file removal, or restored backups."