Our Cardholder Data Discovery/PII service allows us to help you identify and mitigate the risks associated with storing credit cardholder data, by swiftly highlighting any stored cardholder data residing on computer networks and storage media, so that it may be erased in a secure manner.
We can reduce the risk of this data being stolen by locating stored, unencrypted cardholder information such as a Primary Account Number (PAN), thereby helping you achieve or maintain PCI DSS compliance.
Under the PCI DSS (Payment Card Industry Data Security Standard), merchants and payment service providers can be fined if they are a victim of a data compromise or are found to be non-compliant with the PCI standard. Additionally, the Information Commissioner’s Office (ICO) is also able to impose substantial fines for breaches of the Data Protection Act (DPA).
Our extensive experience of conducting forensic investigations and PCI card data breaches has taught us that this data can exist anywhere within a customer’s infrastructure – even when the customer is convinced that they do not store it or have believed that it has been securely deleted.
Often as a result of legacy systems, spreadsheet files, database backups, hidden tables and/or transaction logs, unless you regularly conduct an infrastructure scanning exercise to confirm that unencrypted cardholder data doesn’t exist, then the risk of non-compliance and data theft is still extremely high.
PCI-Secure can locate, recover and investigate your computer systems and networks to mitigate the risk of storing unencrypted cardholder data and other personal information. We will work with you to identify potential areas of storage, identify whether cardholder data is present on these systems and if required, assist you to securely erase this data – enabling you to proactively carry out all of the necessary steps to mitigate the associated risks.