PCI Compliance - A Valuable Investment
- Date: 2008-04-21 - Word Count: 657
PCI compliance is mandated for all merchants who store, process, or transmit sensitive payment card data. The PCI DSS is a set of twelve specific requirements that these merchants must adhere to. These standards are not necessarily easy to achieve, but that doesn't make them any less valuable to your future business success.
So what are the costs of becoming PCI compliant? The up-front cash requirements can, unfortunately, be rather daunting, depending on how far you have to go before you reach PCI compliance. Some estimates say that the nation's largest companies could spend hundreds of thousands of dollars as they take the steps to reach compliance.
Now, while this is an extreme example, the fact of the matter is that compliance can be costly and time consuming for any company. So the question surfaces: is it worth it?
Here is what could be considered a better question: what constitutes a valuable investment? And then the follow up: does PCI compliance fit this definition?
An investment implies that a person expects to get more out of it than they put in. And the higher the investment, the higher the expected return. And when it comes to PCI compliance, some merchants have come to the conclusion that the immediate cash return is not obvious or large enough to validate or convey the value of the required investment.
However, this viewpoint is, for lack of a better term, a big mistake.
Another important way to view an investment and evaluate its worth is to consider what it will cost you if you don't make the investment.
The Payment Card Industry Data Security Standard includes a number of incentives and penalties, both designed to encourage PCI compliance. Merchants, as an incentive, are offered protections from fines if they are compliant at the time of a breach. On the other hand, a merchant can suffer fines as high as $500,000 per incident if they are not.
The example most often used as the poster child for the costs of non-compliance, one that has recently gone through litigation, is the TJX company.
Recently, the FTC made their ruling on the TJX incident. Beginning in July of 2005, hackers were able to take advantage of several weaknesses in their security, and easily stole nearly 100 million credit card numbers over a span of about 18 months. On top of that, when the company transmitted data for returned items, the data required for those transactions - which included a lot of personal information - was also stolen.
In the FTC ruling, it was decided that TJX created an unnecessary risk to personal information by storing it on, and transmitting it between and within, its various computer networks in clear text. Meaning: anyone who intercepted it could clearly read it. The ruling also said they did not use readily available security measures to limit wireless access, nor did they require administrators to use strong passwords, or different passwords for different programs.
And the list goes on.
Now let's analyze the costs of not reaching PCI compliance.
The fines that were levied against them were steep. Add to that the legal fees, call center costs, and more, and some estimates put the monetary costs in the hundreds of millions of dollars. But there are other costs to consider here as well, and the most important one is the cost of your reputation.
It can take years to build a reputation as a trustworthy merchant, and a single moment to lose it. How long will it take you to earn it back?
Can you ever earn it back?
In today's high-speed commercial environment, it is absolutely crucial to keep up with trends, developments, and, most particularly, mandates. And as consumers also evolve, they will demand more safety and security from the companies they do business with.
PCI compliance is a very valuable investment. The costs of adhering to the standards may be high, but as we have seen from actual examples, the costs of not adhering to the requirements are far, far worse.
Andy Eliason is a writer at Main10, Inc. If you'd like to learn more about PCI compliance, or the PCI DSS, visit Braintree Payment Solutions.