Merchants Unaware: 60% Are Storing Unencrypted Card Data

Updated on November 22, 2021

Security Metrics

Security Metrics PANscan data reveals alarming stats:

61% store PAN data & 7% store data inside magnetic stripe

“The 16-digit sequence on the front of credit cards is known as the Primary Account Number, or PAN, and this number is most likely unprotected by many of the merchants who obtain this data. It is estimated that about 60% of merchants that take hold of the Primary Account Number on credit cards are storing this unencrypted card data.

Businesses often do not realize this information is being stored, because the information is held in customer service departments, sales departments, error logs, and other areas. Once the use of the data is finished, it is often only deleted, and not erased. Erasing the data opposed to deleting it creates a safety net. Attackers looking for this information can easily obtain it after being deleted, however erasing the data by erasing the file from the disk drive stops these attackers from being able to find it.

The safest way to protect this data is to use discovery software specifically designed to protect from hackers looking for this data. In addition to using this software it is important to limit storing data to only what is necessary, and completely erasing from your disk drive from every department when its use is complete. Never store track data, and schedule regular scans and run software when any changes are made to the payment process. ”

Remember track data should never be stored in your system or on servers. If you have any questions about PANscan or Security Metrics please click on the below link.


Square, Best Choice
for Low Volume
Credit Card Processing

Starting at 2.6% + 10¢ per swipe for Visa, Mastercard, Discover, and American Express.