UK businesses unwittingly make it easier for credit card fraudsters
Analysis by identity protection specialists Ground Labs has found that the vast majority of UK businesses unknowingly hold consumer credit card data.
Holding credit card details in this way is a breach of Payment Card Industry Data Security Standard (PCI DSS) compliance obligations and can attract a fine of up to £500,000 from the Information Commissioner's Office (ICO) in the event of a data breach.
Latest figures show that £341m was stolen in the UK in 2011 through credit card fraud.
There is a global black market for credit card data and hacking incidents have risen by 19% in the past six months.
The UK is consistently among the top three most targeted countries and in August 2012 suffered 69% of worldwide phishing attacks. Phishing attacks are
Mohamed Zouine, European director for Ground Labs, said: “What we have found is that even those businesses that believe that their systems are clean are carrying records that could be easily acquired by hackers.
“We believe a routine check should be as frequent as anti-virus checks. There are many ways in which card details can remain on a business’s IT infrastructure unwittingly.
“Transaction logs sent back from banks, browser caches, email duplications and more can hold sensitive data that has a black market value in the wrong hands and can be used to defraud consumers.”
Ground Labs found that most businesses held some form of credit card information after its use.
Even businesses that claim to be compliant with agreed global standards for credit card data security hold rogue details, the Ground Labs survey has found.
There are various possible reasons for this, all linked to standard computer processes such as browser caches or email duplications.
Amongst the worst examples uncovered was a company that firmly believed it had no records.
It was found that the business actually held more than 20 million credit card numbers on servers throughout its network.
Many UK businesses have adopted an open mind, accepting there may be hidden data, and have already taken steps to identify and resolve any possible problems.
Ground Labs is advocating the use of simple software programmes as part of businesses’ standard systems maintenance routine to detect and remove credit card details.
Zouine added: “The issue for small businesses is that they are far less protected than large corporations. It is relatively easy for an entrepreneurial thief to steal IT equipment or hack into a business and retrieve valuable credit card data.”