Jun 14 2010

Fallout from a PCI breach for merchants and consumers

Category: pci dssDISC @ 6:22 pm

There is a big misconception out there that PCI DSS compliance does not apply to us, because we are relatively a small company

The fact is PCI DSS must be met by all organizations that transmit, process or store payment card data. Also business owner want to know what is ROI on PCI compliance. It is the total cost of ownership which ensures that you keep earning big money. DISC

Thanks to federal law and standard practice by the financial industry, the maximum cash liability of a consumer whose cardholder data is stolen is only $50; the remaining losses are paid by the card companies. If the weak security controls allows a criminal to access other accounts or steal a consumer’s identity, financial fallout could be severe for that individual. Resolving just one incident of a stolen identity may take months if not years of effort.

Merchants face their own form of fallout. When a breach occurs, there are investigation and containment of the breach costs for the incident, remediation expenses, and attorney and legal fees. But this is just for starters. Strategic and long-term fallout for all Merchants may include but not limited to the followings:

• _ Loss of customer confidence.
• _ Lost sales and revenue.
• _ Lower use of online stores due to fear of breaches.
• _ Brand degradation or drop in public stock value.
• _ Employee turnover.
• _ Fines and penalties for non-compliance with PCI and
other regulations.
• _ Higher costs for PCI assessments when merchants with a
breach must subsequently comply with the penalty of
more stringent requirements.
• _ Termination of the ability to accept payment cards.
• _ Fraud losses.
• _ Cost of reissuing new payment cards.
• _ Dispute resolution costs.
• _ Cost of legal settlements or judgments.

The potential fallout for larger merchants can be huge, Smaller merchants, however, may have significant trouble weathering a cardholder data breach. Think about your company’s cash flow and whether it could cover potential damage from a breach. The risk of going out of business perhaps should be a motivation enough to follow PCI and protect the credit and debit card data.

How to Detect Debit Card Fraud

Tags: pci assessment, pci compliance, pci compliance books, pci consultant, pci dss

Leave a Reply