Information Security Consulting
Storage and processing of client sensitive data and private personal information such as customer names, addresses, bank account details or credit card numbers have many commercial, legal and regulatory implications for the processing entities.
If this data is compromised, inadvertently leaked, misplaced or simply stored longer than it should be, the processing entities run the risk of non-compliance and substantial fines from regulators such as the Financial Conduct Authority (FCA), the Information Commissioner’s Office (ICO) and Credit Card Schemes like Visa, MasterCard, JCB, Discover and American Express.

This is in addition to the reputational risk and brand damage caused when an entity hits the news and it is made public that it has suffered a suspected or confirmed data breach. Trying to recover customer confidence and rebuild the reputation of a brand that has been a victim of a data breach is not a simple task, and could be crippling to a business's future.
Under the Payment Card Industry Data Security Standard (PCI-DSS) and the Data Protection Act (DPA), certain types of data storage are not recommended at all or are prohibited. This data is nevertheless often stored, whether on purpose, for testing and development of systems, inadvertently through errors in design and coding, on legacy systems that have not been fully decommissioned, or even on legitimate systems by hackers in order to harvest data during an attack.
After managing and forensically investigating hundreds of data breaches over the past decade, 3B Data Security have seen all variations on why data is stored and ultimately compromised by attackers, especially unencrypted cardholder information such as Primary Account Numbers (PAN), CVV/CVC, cardholder names and addresses.
By proactively searching for unencrypted cardholder data across the computer network environment, this data can be located, verified and securely erased, and the processes that allowed the data to be stored in the first place can be fixed for the future. This will help your business mitigate the risks of storing unencrypted cardholder and PII data going forward.