Letting an employee stay on just because you would feel bad firing him is a bad idea. Not changing the passwords for every area of your website after firing someone is a worse idea. But ignoring basic PCI compliance requirements could be the worst idea of all.
More than 510 million records containing sensitive information have been breached since January 2005. The statistics indicate that cardholder data breaches are on the rise and that criminals are increasingly targeting small and medium businesses to obtain cardholder information. To help protect consumers' payment data, the payment card industry created the Data Security Standard, which defines what PCI compliance means in practice.
The Payment Card Industry Data Security Standard (PCI DSS) has been in existence for years. It requires any merchant that processes, transmits, or stores customers' cardholder data to achieve and maintain PCI compliance. The standard comprises 12 high-level requirements. Having your website scanned for vulnerabilities and then fixing the holes the scan report finds satisfies just one of them; the others cover areas such as network security, access control, logging, and security policy, and a passing scan alone does not make you compliant.
Given the effort involved, businesses may question whether they should allocate the time and money or simply ignore PCI compliance altogether. In the case of PCI compliance, however, the benefits ultimately outweigh the costs. The risks of ignoring the PCI DSS requirements range from loss of reputation to financial ruin.
What Happens If You Do Not Follow Regulations?
1. You May Suffer Financial Losses from Which You May Never Recover
Merchants that ignore the growing adoption of PCI DSS do so at their own peril, because the penalties for non-compliance are severe. Non-compliant merchants and payment processors can face fines from $5,000 to $500,000, depending on a variety of factors. In 2006 alone, Visa reported imposing $4.6 million in fines. Note that the card brands generally levy these fines on the merchant's acquiring bank, which then passes them on to the merchant under the terms of the merchant agreement.
Additional costs and repercussions include:
Notification, card re-issuance, and credit monitoring costs for affected parties
Forensic investigation and remediation costs
Higher transaction rates and fees charged by acquiring banks and/or processors
2. You May Lose The Ability To Accept Credit Cards
The card brands, or the acquiring bank acting on their behalf, can revoke a merchant's right to process credit card transactions. For many organizations this amounts to a "virtual death sentence."
3. You May Lose Clientele Due To A Damaged Reputation
Reputational damage, lost business, and reduced partner and consumer confidence are just some of the after-effects of a data breach. Surveys indicate that 69% of consumers would be less inclined to do business with a breached entity. A breach can also lower a company's share price and impair its ability to raise capital in the future. The cost of maintaining PCI compliance pales in comparison to the potential costs and fines associated with a data breach.
The good news is that by adopting the PCI DSS requirements as operating practice, businesses can mitigate many of these risks.
It is not unusual for business owners to feel frustrated by the rules and requirements surrounding PCI DSS. The most productive way for merchants to think about PCI compliance is as a continuously evolving set of security best practices that benefit their business. Having a company like Trust Guard, for example, scan your site for more than 75,500 security vulnerabilities on a regular basis takes care of the scanning requirement and lets you stay focused on growing your business, while you keep the remaining requirements in place on your own side.
Going two weeks without brushing your teeth and eating onions at every meal is a bad idea. Going on a blind date at the end of those two weeks and then slow-dancing is a really bad idea. But ignoring PCI compliance requirements could be the worst idea of all.