SecurityMetrics' New PANscan Detects Stored Payment Card Data Violations, Helping Merchants Comply With Payment Card Mandates

Software Downloads Are Free of Charge; Scan Results Delivered Immediately

News provided by

SecurityMetrics

Apr 13, 2010, 09:12 ET

LAS VEGAS, April 13 /PRNewswire/ -- SecurityMetrics today announced PANscan, a free-to-download software product that detects credit card data stored on merchant computer systems in violation of the Payment Card Industry Data Security Standard (PCI-DSS). The software helps merchants avoid data compromise by identifying data leaks caused by non-compliant or improperly configured payment applications or improper handling and storage of card data by employees.  

PANscan simplifies the testing process by enabling non-technical merchants to quickly find prohibited credit card data on their systems. It will:

  • Search the merchant's system for cardholder data, including Track 1, Track 2 and Primary Account Number (PAN) data that may be stored on their computer systems in violation of PCI requirements. Searches include archive files such as .zip and .gz files where backup information is often stored.
  • Triple-check all threats to ensure they are valid, utilizing technology developed to facilitate SecurityMetrics' forensics investigations. This virtually eliminates the false positives common with other scanning products and the associated time required to research and resolve these errors.
  • Run 10 times faster than a normal disk scan, while also minimizing resource use to prevent system slowdown.
  • Report summary results immediately in a popup window when the scan is completed, indicating whether or not the system contains prohibited card data.
  • Allow scans to be performed as frequently as desired on any number of merchant machines, including local hard drives, optical drives and network servers.

This ability to quickly detect if cardholder data is being stored on their workstations or servers in violation of the PCI DSS standards is available to any merchant, whether or not they utilize SecurityMetrics' Site Certification Services. Enrolled SecurityMetrics customers receive additional services including no-cost telephone or email support, false positive reconciliation and automatic reporting to their acquirer.

If no violations are detected, merchants have peace of mind knowing their systems are functioning securely. If violations are uncovered, merchants can accelerate their transition to secure payment applications approved under the Payment Application Data Security Standard (PA-DSS).

"Many merchants inadvertently store payment card data, either because their payment application software fails to meet PA-DSS standards, their applications are improperly configured or because employees are unaware that they should not electronically store this information. If these merchants get hacked, they are not PCI-compliant and may face serious financial penalties," said SecurityMetrics CEO Brad Caldwell. "PANscan enables merchants to quickly ascertain whether they have a problem so that they can take action to protect themselves."

The PCI DSS is a comprehensive set of global security requirements developed by the PCI Security Standards Council in order to safeguard cardholder data worldwide.

Availability

SecurityMetrics' new PANscan product will be demonstrated at Booth #715 at the 2010 ETA Conference and Expo opening Tuesday, April 13 in Las Vegas. It will be downloadable in May at www.securitymetrics.com/panscan.adp.

For more information about SecurityMetrics' PCI and PA-DSS compliance solutions, contact a representative at 801-724-9600 in North America, 0207.993.8030 in Europe, and 612.8011.3270 in Australasia.

About SecurityMetrics

SecurityMetrics, Inc. is a leading provider of Payment Card Industry (PCI) Data Security Standard (DSS) security solutions, including the most successful mass-merchant compliance model in the industry. The company is certified to perform PCI Scans (ASV), PCI audits (QSA), Payment Application Data Security Standards audits (PA-QSA), penetration tests and forensic incident response assessments (QIRA). SecurityMetrics also offers a security appliance that includes vulnerability assessment, intrusion detection and intrusion prevention capabilities. SecurityMetrics is a privately held corporation headquartered in Orem, Utah. For more information, contact SecurityMetrics at (801) 724-9600 or visit www.securitymetrics.com.

SOURCE SecurityMetrics

WANT YOUR COMPANY'S NEWS FEATURED ON PRNEWSWIRE.COM?

icon3
440k+
Newsrooms &
Influencers
icon1
9k+
Digital Media
Outlets
icon2
270k+
Journalists
Opted In
GET STARTED