Guest post by Ray Moorman, Director of Product Management, Vantiv Integrated Payments (formerly Mercury Payment Systems)
Security isn’t a profit center. In fact, it can be downright costly to maintain a fully compliant system. However, the benefits you gain by ensuring that your business meets all Payment Card Industry Data Security Standards for total compliance could very well be priceless.
No matter the size of your business, if you accept, transmit or store cardholder data, you must comply with PCI requirements. And no matter the size of a business, no system is completely immune to cybercrime. In large and small organizations alike, the fraud that results from stolen card data drains businesses of billions of dollars each year. And now, with the 2015 EMV liability shift, merchants who accept card-present payments bear a much higher share of that cost.
Although PCI compliance may seem like just another hassle detracting from the focus of running your business, maintaining full compliance is a necessary measure you should welcome to shield yourself and your customers from the incalculable price a data breach may carry. By making your data more secure through adherence to PCI guidelines, you’re protecting your business in several ways.
The PCI SSC develops, enhances and disseminates the security standards, and assists businesses with compliance, through a list of guidelines every business is mandated to follow, but it does not enforce its own directives. Rather, penalties for non-compliance are imposed by the individual payment brands.
Fines for non-compliance vary at the discretion of the card brands and acquiring banks, and can range from $5,000 to $100,000 per month for the merchant. It’s a high price to pay for negligence, but consider the alternative: the average consolidated total cost of a data breach is $3.8 million, according to a 2015 Ponemon Institute study. With each lost or stolen record costing an average of $174, even 500 compromised payment records can exceed $75,000 in liability for a breached merchant.
The PCI SSC doesn’t exist just to make rules and regulations to be enforced by penalties; conforming to its payment security requirements can be highly rewarding for the businesses that choose to do so. As the minimum standard for the payments processing industry, the PCI DSS ensures that the payments system is stronger and better protected from data breaches, which often result in card payment fraud. In short, the security of cardholder data affects everyone. And by taking preventive measures to better protect your business, you’ll save yourself time and money—two very valuable assets.
Ray Moorman is Director of Product Management at Vantiv Integrated Payments (formerly Mercury Payment Systems), where he focuses on EMV solutions. Ray has more than a decade of experience in the payments industry and has served in various positions including operations, acquisition integration and product.