Cardholder data breaches are real and are occurring more frequently than ever. It’s the reason PCI DSS compliance is such a big deal. The significant cost of a forensic investigation, the damage to a merchant’s goodwill and the fines assessed by the card brands can easily reach six figures and are often more than a merchant can afford.
Merchants who do survive a cardholder data breach have to battle to repair their image and make significant investments in IT.
While you may have reasonable defenses at your network perimeter, a hacker can get in by something as simple as an unsuspecting employee clicking an email link, or through the compromise of a third-party vendor you use whose system you have no direct control over.
Once a data breach is identified, an initial forensic investigation may be ordered by us or by one or more of the card brands, which we estimate can cost anywhere from $5-50K for small to medium-sized businesses. The card brands then levy fines for which the breached merchant is responsible. Fine amounts are directly related to the number of records exposed and the unique circumstances of the breach. Five- to six-figure fines for a small to medium-sized business would not be uncommon.
The Payment Card Industry Data Security Standard (PCI DSS) was designed to prevent cardholder data security breaches when strictly adhered to. Not only are all businesses that accept credit or debit card payments in the United States required to comply with the PCI DSS, but doing so can help prevent the devastating impact a breach can have on your business. If you have not validated PCI DSS compliance in the last 12 months by completing a Self-Assessment Questionnaire through our online compliance portal, please visit www.pcilogistics.com.