Most UK businesses are taking inadequate steps to safeguard customers’ credit card details, with some unwittingly storing millions of confidential records, according to a new study.
Analysis from ID protection specialists Ground Labs has found that on average more than 1,000 credit card records were found within each business sampled.
Even businesses that claim to be compliant with agreed global standards for credit card data security – such as PCI DSS compliance – hold rogue details, the survey revealed.
Among the worst examples uncovered was a company which firmly believed it had no records; but it was found to actually hold more than 20 million credit card numbers on servers throughout its network.
Ground Labs European director Mohamed Zouine said: “Even those businesses that believe that their systems are clean are carrying records that could be easily acquired by hackers.
“Many businesses continue prompting customers to email their credit card information as part of completing a transaction such as a hotel reservation for example.
“Transaction logs sent back from banks, browser caches, email duplications and more can hold sensitive data that has a black market value in the wrong hands and can be used to defraud consumers.”
Latest figures show that £341m was stolen in the UK in 2011 through credit card fraud. There is a global black market for credit card data and hacking incidents have risen by 19% in the past six months. In August 2012, the UK suffered 69% of worldwide phishing attacks.
