Skip to the main content.
Contact
Contact

2 min read

3 Risks of Ignoring PCI Compliance

3 Risks of Ignoring PCI Compliance

With more than 510 million records containing sensitive information breached since January 2005, statistics indicate that cardholder data breaches are on the rise, and criminals are increasingly targeting small and medium businesses to obtain cardholder information. To help protect consumers’ payment data the payment card industry created PCI compliance.

The Payment Card Industry Data Security Standard (PCI DSS) has been in existence for years, requiring any merchant that processes, transmits, or stores customer’s cardholder data to achieve PCI compliance. The PCI compliance process comprises of 12 high-level PCI DSS requirements.

With the effort involved, entities may question whether they should allocate their time and financial resources or just ignore PCI compliance altogether. However, in the case of PCI compliance, the benefits ultimately outweigh the drawbacks as the risks associated with ignoring PCI DSS requirements can range from loss of reputation to financial ruin.

npd5ub9oq0vovhsg58kw-002

What Happens If You Are Not PCI Compliant?

1. You May Suffer Financial Losses

Merchants ignoring the growing adoption of PCI DSS do so at their own peril as the penalties for non-PCI compliance are severe. Non-PCI compliant merchants and payment processors can face fines from $5,000 to $500,000, depending on a variety of factors. In 2006 alone, Visa reported imposing $4.6 million in fines.

Additional costs include:

  • Notification, card reissuance, and credit monitoring costs for affected parties
  • Forensic investigation and remediation costs
  • Increased rates charged by banks and/or processors

2. You May Lose The Ability To Accept Credit Cards

More devastating than fines, credit card companies may also revoke the right of a merchant to process credit card transactions, providing a “virtual death sentence” for many organizations.

3. You May Loose Clientele Due To Negative Reputation

Reputational damage, lost business and reduced partner/ consumer confidence and trust are just some of the after-effects of a data breach. Reports demonstrate that 69% of consumers would be less inclined to conduct business with a breached entity, which can even lower share price and impact the ability to raise capital in the future.

It is evident that the cost for getting and staying PCI compliant is pale in comparison to the potential costs and fines associated with data breach. The good news is that just by adopting the PCI DSS operating guidelines, entities can mitigate many, if not all of these risks.

It is not unusual for business owners to feel frustrated by the rules and requirements surrounding PCI DSS. Additional obligations excite few people, however the most productive way for merchants to think about PCI compliance is as a set of continuously evolving security best practices benefitting their business.

Engaging a Qualified Security Assessor (QSA) company such as Control Gap can simplify the process and help your organization adopt these practices and achieve compliance. Contact us at 1.866.644.8808 and we would be happy to help you.

Resources:

Desharnais, Yves B. PCI DSS Made Easy (PCI DSS 3.2 Edition). N.p.: n.p., n.d. Print.

https://www.namm.org/news/articles/pay-now-or-pay-later%E2%80%94-risks-associated-ignoring-pc

http://www.scmagazineuk.com/cant-we-just-ignore-pci-dss-and-get-on-with-life/article/216535/

https://iapp.org/news/a/2007-03-01-merchants-can-no-longer-ignore-the-pci-data-security-standard/

https://www.hytrust.com/wp-content/uploads/2015/08/HyTrust\_Cost\_of\_Failed\_Audit.pdf

What Is Cardholder Data In PCI Compliance?

What Is Cardholder Data In PCI Compliance?

Cardholder data, aka CHD, comes from credit, debit, and prepaid cards bearing the logo of one of the PCI founding card brands. CHD includes the...

Read More
PCI Under The Microscope

PCI Under The Microscope

The PCI Council has testified before Congress about standards and breaches in both 2014 and 2009 (links are to Google Searches). This year PCI is...

Read More
PCI Compliance and the Intel AMT Vulnerability

PCI Compliance and the Intel AMT Vulnerability

On May 1st a critical new and possibly unprecedented vulnerability was announced. The flaw in Intel's Active Management Technology (AMT) firmware...

Read More