Retail Technology

Businesses harbouring millions of credit card numbers could mean a bumper festive fraud season is literally on the cards

Analysis by identity protection specialist Ground Labs has found that the vast majority of UK businesses hold consumer credit card data unwittingly.

Holding credit card details in this way is a breach of Payment Card Industry Data Security Standard (PCI DSS) compliance obligations and can attract a fine of up to £500,000 from the Information Commissioner's Office (ICO) in the event of a data breach.

Latest figures from the 2012 Financial Fraud Action UK report show that £341 million was stolen in the UK in 2011 through credit card fraud. In addition to the global black market for credit card data, an RSA online fraud report found hacking incidents rose by 19% in the past six months. It also found that the UK is consistently among the top three most targeted countries and in August 2012 suffered 69% of worldwide phishing attacks.

Credit card data cleansing routines required

A random survey of security experts who use Ground Labs software across more than 100 consumer-facing businesses found that every one of them had credit card details unwittingly stored on IT equipment. On average more than 1,000 credit card records were found by Ground Labs’ software within each business sampled.

Even businesses that claim to be compliant with agreed global standards for credit card data security hold rogue details, the Ground Labs survey found. The specialist said there may be various reasons for this, all linked to standard computer processes such as browser caches or email duplications.

Among the worst examples uncovered was a company that firmly believed it had no records. It was found that the business actually held more than 20 million credit card numbers on servers throughout its network.

“We have more than 1,000 businesses across the UK and Europe that have used our software and every single business found erroneous card records in its IT systems,” said European director for Ground Labs, Mohamed Zouine. “What we have found is that even those businesses that believe that their systems are clean are carrying records that could be easily acquired by hackers.”

Zouine added: “We believe a routine check should be as frequent as anti-virus checks. There are many ways in which card details can remain on business’s IT infrastructure unwittingly. Transaction logs sent back from banks, browser caches, email duplications and more can hold sensitive data that has a black market value in the wrong hands and can be used to defraud consumers.”