Industry View: Calculating the True Cost of PCI Non-Compliance
Symark’s Ellen Libenson does the math.
By Ellen Libenson
This is true even for small merchants and service providers, since by contract they are liable to acquirers for the costs of a breach. Large merchants and service providers must view PCI DSS compliance as a major component of their corporate risk management planning.
Similarly, complying with PCI DSS can improve operations and security. Viewed as a security model, the control framework necessary for PCI compliance can help companies control compliance costs while developing a more efficient and reliable IT infrastructure designed to deliver better service while incurring less risk. This alignment of business and PCI goals ensures that internal security policies are consistent with PCI requirements.
As discussed previously, a great deal of damage is often done to a merchant’s stock price, reputation and customer loyalty when a data breach occurs. Therefore, an added benefit of PCI DSS compliance is developing a stronger competitive profile. Businesses that are already PCI compliant are experiencing all the financial, organizational and risk-management benefits, and they also have a stronger reputation—and therefore an advantage—over competitors that are experiencing all the costs of non-compliance and that may be forced to become compliant if they want to stay in business.
Conclusion
Without question, there is a substantial cost associated with reaching and maintaining PCI DSS compliance requirements. While the initial cost of the technology, staff and other resources necessary to implement satisfactory controls has its price tag, it is vital that all organizations affected by the PCI standard consider both the short- and long-term costs of non-compliance as well as the benefits of meeting the requirements. This is especially important as PCI DSS evolves and increases in complexity as the standard moves towards becoming a federal regulation. The costs of non-compliance can far exceed the cost of the systems needed to bring a company into compliance, as TJX and others have demonstrated.
By carefully evaluating the costs of compliance versus non-compliance and treating PCI DSS as a top priority, merchants, acquirers and other organizations can enjoy the plentiful benefits while avoiding monthly fines and potentially irreparable damage to brand reputation. Conversely, a laissez-faire approach to PCI DSS compliance efforts is often accompanied by severe costs, not the least of which is the potential for an organization to be permanently adjacent to TJX on the infamous short list of companies that have suffered large-scale data breaches, breaches from which they may never fully recover.
Ellen Libenson (elibenson@symark.com) has over 20 years of