Anyone who has run a business that accepts credit cards has heard the phrase "PCI compliance", or shuddered at the thought of the fees and expenses associated with it.
Let's define the terms. PCI stands for Payment Card Industry, the ecosystem of card brands, banks, processors and merchants that handle credit and debit card payments. DSS, the second part of the common term, stands for Data Security Standard. Consolidated from the requirements of the five major card brands (Visa, MasterCard, American Express, Discover and JCB), the standard is intended to protect cardholder data, keep cardholders safe from unauthorized charges, and reduce the cost of security breaches.
Why is it so expensive to be PCI Compliant? Here's a look at the risks and costs of a data security breach.
Credit card security breaches are big news lately, with the Target data breach taking the top headlines. It is estimated that up to 40 million shoppers had their credit card details exposed and up to 70 million people had their personal information compromised.
Banks report having spent 153 million dollars to replace debit and credit cards alone, after only six weeks and with only two banks providing information. In 2008 alone, the average cost of a data breach was estimated at $90 to $305 per customer record. That is astounding.
This makes card security procedures incredibly important (and expensive) and raises the stakes for anyone involved in the card processing industry. Those are the worst-case scenarios of a security breach, but there are other, smaller costs associated with PCI compliance that are far more common.
For a business to become PCI compliant, a number of expenses may be incurred. Fees and requirements scale with the business's card volume: merchants are broken down into levels by annual transaction count, and the largest (Level 1) must have an annual on-site assessment by a Qualified Security Assessor, while smaller merchants typically complete a Self-Assessment Questionnaire and pass quarterly external vulnerability scans by an Approved Scanning Vendor. Beyond the assessment itself, compliance may require costly staff training and hardware and software upgrades.
Maybe it sounds cheaper not to comply with the PCI standards. Probably not. There is a PCI non-compliance fee, assessed either monthly or yearly, which by itself is not expensive; the real potential cost is that the card brands can levy heavy fines if a data breach occurs while the merchant is non-compliant with the PCI security standards. Those are just the fines, and they do not account for the secondary costs of litigation following a data breach. That potential dollar amount has yet to be calculated and could be astronomical.