Majority of merchants found to store unencrypted payment cards

Majority of merchants found to store unencrypted payment cards

While PCI compliance in an eCommerce business would seem to be common protocol, a new study shows that many businesses still store unencrypted payment cards.

A study by SecurityMetrics reports that 71 percent of merchants stored unencrypted payment cards in 2011, an 8 percent increase over the previous year. This violates PCI DSS requirements, according to the company, and makes these companies subject to penalties and fines.

"There's so much going on in the security industry that it's sometimes difficult to target the most important things," said SecurityMetrics CEO Brad Caldwell. "We think these findings are a game changer for the security industry, and will help focus priorities on the bigger problem plaguing merchants today. After all, criminals can't steal card data merchants don't have."

SecurityMetrics study found 370 million unencrypted cards on home networks and business websites, with one network holding more than 96 million unencrypted cards.

PCI Compliance Guide's website said payment brands may fine acquiring banks $5,000 to $100,000 per month for compliance violations. The fines can be passed down to the merchants and could harm relationships, so businesses should be on top of their game with data security.