Why Ignoring PCI Compliance Can Ruin Your Business
A guest post by Alex Cartaya.
When starting a business or doing freelance work, it’s important to consider the risks of not having a plan for PCI compliance. PCI stands for “Payment Card Industry”, and the PCI standards govern how businesses handle payment cards such as debit and credit cards. Regardless of whether a company accepts one card or one thousand, adhering to PCI standards is vital if you want to protect against private data being stolen. The PCI standards can be found on the PCI Security Standards Council website. These are some of the key problems that can occur if you don’t put security in place to protect your business and your customers.
Protecting Your Business is Critical
If you ignore PCI, the damage to your company can be extensive.
According to research released by Javelin Strategy & Research, in 2012 businesses had to spend about $2.70 for every fraudulent dollar in order to cover the merchandise ‘bought’ (effectively stolen) as well as fees to banks and other organizations to cover their portion of the loss. A couple of dollars might not sound like much until you consider that most fraudulent transactions are for far more than one dollar. These transactions result in your company losing about 270% of what was taken in. A few large fake transactions can sink any business, and that is just the cost of being hit by a fake credit card!
Having credit card information stolen can be much, much worse, and not just financially – your brand takes a hit, too. Just consider the hot water that Target got itself into last year and the issues that large retailers like Kmart and Home Depot are having today because of lax security. A security breach can be one of the worst PR events a company can suffer, because it shows that the company doesn’t prioritize protecting its customers.
How much financial damage are we talking about here?
It may be too early to estimate how much Kmart or Home Depot lost, but Target is estimated to have taken $148 million in losses due to the breach. They might recoup some losses thanks to their insurance, but not many organizations can look at losses over $100 million as a drop in the bucket.
Also, that only covers direct financial losses. What about lost business because customers lose faith in the retailer? This is harder to calculate because other factors come into play, but there’s no doubt that a good number of shoppers will move to competitors rather than risk having their payment card information stolen.
The Risk of Attacks from Vicious Hackers
Attacks by hackers and other malicious actors are on the rise. Ignoring the risk of leaving your customers’ payment card data unsecured can only harm you, because you are increasing the chance of having your company network compromised.
A study conducted in 2010 suggests that the odds of becoming a victim of identity theft have increased from 1 in 3 to 1 in 9. Unless action is taken to prevent these attacks, things will only get worse. Implementing a PCI security plan is imperative.
So what are the significant security investments a business needs?
First, your business network needs a firewall. You also need to encrypt any network traffic that carries cardholder data. Investing in these technologies will not only protect your business from potential attacks but, more importantly, will also protect your customers.
Of course, no security plan can ever be 100% effective, and security breaches still happen. However, showing your clients that you’ve made every effort to protect them is vital if you want them to trust your company and your brand.
I would love to get your thoughts on this. What security measures have you taken to ensure the protection of your business and your customers?