We have all heard headline news of large breaches involving the theft of credit card data. However, what most people don't realize is that there are thousands of smaller breaches that take place on a weekly basis that are never publicized. Most of the time, the affected merchants and services providers are shocked. They are shocked that they have been hacked but they are even more shocked because they did not realize that they had cardholder data. In most cases, companies believe that they either don't store cardholder data or they believe that all of the their data is securely encrypted. Many times, data is stolen from unsecured, unencrypted, log files or transaction files that the company had no idea they had. In other cases, cardholder data has "leaked" out of secure locations within the network and has found its way to the workstations of employees that believe they have a need for it.
We have helped many companies secure their cardholder data. As we do, we emphasize a couple key principles:
- It is hard to secure something you don't know you have, and
- If you don't need it, don't store it.
To help our clients benefit from these principles, we created TrackFinder. TrackFinder helps companies find credit card data in their environments. And once found, TrackFinder makes it easy to securely encrypt or wipe this data. This can be done from the local machine or from a central managment console.