If you are a merchant of any size accepting credit cards, you must comply with the standards set by the PCI Security Standards Council (PCI SSC), an independent body created by the major payment card brands; e.g., Visa®, MasterCard®, American Express®, Discover® and JCB.
The set of requirements issued by the PCI SSC is known as the Payment Card Industry Data Security Standard, or PCI DSS for short. These requirements are designed to ensure that all companies that process, store or transmit credit card information maintain a secure environment to protect this sensitive data.
Although PCI DSS is administered and managed by the PCI SSC, it is the payment brands and acquirers, such as TransFirst®, that enforce compliance — not the PCI council. However, if you are a merchant that accepts payment cards, PCI compliance is your responsibility. It helps ensure that your business and its customers are protected against the extremely costly, disruptive and adverse consequences a data breach or suspected data breach would cause.
Hardships caused by an actual or suspected data breach include the damage done to a company’s reputation. Once a breach has occurred, customers may become wary, and business can fall off and never recover. The penalties for a security breach while out of compliance can range from a slap on the wrist to substantial fees. Issuing banks and credit card processors can be fined up to $500,000 for regulatory compliance violations — costs that would inevitably be passed on to you, the merchant. Additionally, you would likely see an increase in transaction fees.
Data breaches are costly, as demonstrated year after year in the Ponemon Institute’s annual study on the cost of data breach incidents for U.S.-based companies. The 2010 Cost of a Data Breach study found that, for the fifth consecutive year, data breach costs had continued to rise, costing organizations more every year. The average organizational cost of a data breach in 2010 was $7.2 million, up 7% from $6.8 million in 2009.
The study also reports that, as in prior years, data breach cost appears to be directly proportional to the number of records compromised. Larger breaches therefore continue to be a more serious cause for concern than smaller breaches.
Organizations that have already suffered a data breach most often respond with training and awareness programs to prevent future breaches. Other remediation measures often include additional manual procedures and controls, expanded use of encryption, identity and access management solutions, data loss prevention solutions and endpoint security solutions.
TransFirst works with its clients to achieve and maintain PCI compliance, reducing your risk of the data breaches that can lead to credit card fraud and identity theft. We also offer a Data Breach Security Program designed to help you meet the expenses that result from a suspected or actual credit card payment data security breach.