Data Pollution Dangers Grow Despite Payment Card Industry Regulations
Visa estimates that nearly one in every three consumer purchases in the United States is made with a payment card, leading to the exponential growth in information pollution: too much data stored in too many places. According to experts at Blancco, a simple swipe of a credit card presents unnecessary risks that can be alleviated by implementing robust data destruction processes.
"Merchants are storing more detailed information than required by credit card companies and are keeping this data longer than required by the U.S. Fair Business Credit Act, leaving consumers open to identity theft and other crimes," said Markku Willgren, North American vice president of business and sales development for Blancco. "Adding to this vulnerability, the data is often unnecessarily stored in multiple locations, ranging from point of sale (POS) registers to store servers and data centers."
The Payment Card Industry (PCI) Security Standards Council has set forth numerous security requirements to protect the privacy of customer data. Yet, according to a recent study by Forrester Research, encryption is increasingly being used as the most common method for compliance. Encryption and virtual private networks (VPNs) for all transmitted data, however, do not protect the data at rest at either end, leaving information potentially accessible to criminals and hackers.
"Data in transit has become much more secure with the use of encryption, authentication, VPN technologies, secure shell, secure HTTP, WPA, firewalls, and other security measures, especially in the wake of recent high profile data breaches of wireless transmissions," said Willgren. "However, data at rest in too many locations for too long may become a target for criminals and, over time, weaken encryption protection."
To minimize the risk to stored data, Willgren offers three suggestions:
· First, merchants should collect only necessary information, such as the credit card number versus complete magnetic stripe information.
· Data also should not be stored in the wrong places: credit card numbers should not reside on a Windows POS system after a completed transaction and transmission to a store server.
· Finally, data on the Windows POS system or store server should be permanently destroyed as soon as possible after transfer to the data center.
Permanently destroying data requires more than basic Delete File and Empty Recycle Bin commands, which only remove direct pointers to data sectors and leave data recoverable with common software tools. In addition, the sheer volume of transactions makes these commands too laborious for POS staff or even store and data center IT personnel. The bottom line: Continuous IT housekeeping practices for effective, PCI compliant security require a centrally managed process that automatically destroys sensitive data in a timely manner.
Fully PCI compliant, Blancco's File Shredder was developed for targeted destruction of sensitive data and allows IT personnel to automate housekeeping tasks with Department of Defense-grade permanent erasure on a time- or event-driven basis. The software leaves operating systems and applications intact on storage devices, while pinpointing sensitive information. Blancco File Shredder also logs the activity and creates documentation, which further supports PCI compliance. And, unlike other Windows desktop products that perform similar tasks, File Shredder scales from desktops and point-of-sale systems to servers and data centers.
"Blancco File Shredder is not an alternative to encryption, but a way to remove data before encryption is required," said Willgren. "Encryption itself is a computationally demanding process, and the less data a merchant maintains, the less encryption is required. Removing the opportunity for theft by destroying data is better than adding locks."
File Shredder helps users mitigate the risks associated with a data breach. By providing ongoing housekeeping for targeted data destruction, the program is a critical tool in PCI compliance programs and an important factor in the reduction of the ever-growing problem of data pollution.
Source: www.blancco.com