We have all heard headline news of large breaches involving the theft of credit card data. However, what most people don't realize is that there are thousands of smaller breaches that take place on a weekly basis that are never publicized. Most of the time, the affected merchants and services providers are shocked. They are shocked that they have been hacked but they are even more shocked because they did not realize that they had cardholder data. In most cases, companies believe that they either don't store cardholder data or they believe that all of the their data is securely encrypted. Many times, data is stolen from unsecured, unencrypted, log files or transaction files that the company had no idea they had. In other cases, cardholder data has "leaked" out of secure locations within the network and has found its way to the workstations of employees that believe they have a need for it.

We have helped many companies secure their cardholder data. As we do, we emphasize a couple key principles:

  • It is hard to secure something you don't know you have, and
  • If you don't need it, don't store it.

To help our clients benefit from these principles, we created TrackFinder. TrackFinder helps companies find credit card data in their environments. And once found, TrackFinder makes it easy to securely encrypt or wipe this data. This can be done from the local machine or from a central managment console.


TrackFinder allows a designated Administrator within the organization to remotely initiate scans across the network without the need to install the application. The scan results are aggregated on the Administrator machine or a central server. These results can be reviewed by the Administrator along with excerpts from files found to contain cardholder data. This approach helps Administrators understand the content and usage of these files and allows him/her to make an informed decision about how to secure them. To ensure that cardholder data is never propagated, all PAN's and Track data are masked. Masked results are color coded for easy identification and risk analysis; PAN's are colored yellow and Track data is colored red.

After reviewing the results, the Administrator can then remotely trigger the encryption or secure deletion of these files. Once the files are secured, confirmation is provided back to the administrator.

For geographically dispersed networks that are not readily accessible over a wide area network, we offer a SaaS version that allows results to be encrypted and aggregated on our secure server where the Administrator can access them.


For more information or to request a demonstration, please contact us at: