PCI Compliance Return on Investment (ROI)

  • Team Omega
  • January 23, 2017

Electronic transactions are a retailer’s lifeblood. If the data they hold is breached, there are consequences. Understanding the consequences is the first piece of the puzzle to understanding where PCI Compliance Return on Investment (ROI) comes from.

ROI comes from the following sources.

  • Penalty avoidance
  • Card privileges
  • Reduced risk of data breaches

Penalty Avoidance

Fines for non-compliance come from the credit card companies and range from $5,000 – $50,000 per month for a Level 2 merchant. The range for a Level 1 merchant is $10,000 – $100,000 per month[1].

In addition, processors charge a small monthly non-compliance fee of $10 – $100 per month.[2] More significant fines are assessed when a breach occurs. Breach fees can be as high as $90 per account disclosed, in addition to the fines mentioned above.

Card Privileges

It is imperative merchants understand that the honor of accepting credit cards is a privilege. That privilege can be revoked by the card companies after an incident. When that happens depends upon the circumstances, the significance of the breach, and the response to the breach. However, if a merchant does not pay the fines assessed, and/or continues to neglect to secure their network per the PCI DSS standard, they run a significant risk of privilege revocation by multiple card companies. You do not want to see customers go to your competition.

Reduced Risk of a Data Breach

If you don’t think your business is at risk of a breach, think again. In a 2016 survey of retail IT security professionals, one third of respondents reported that their company had suffered a breach[3].

If company data is breached, employee and customer personally identifiable information (PII) and account data may be stolen. This puts those individuals at a high risk of identity theft. Furthermore, company proprietary information could be stolen, which puts the company at risk of loss of business, since competitors gain an edge with it. Additionally, there is loss of customer confidence and loyalty. Confidence and loyalty are tough to regain, as customers who experience inconveniences due to a breach may not come back. Every customer is valuable; for every lost customer there is a significant loss of revenue.

Next, let’s not forget legal fees, the cost of hiring forensic investigators and other consultants, and the time spent supporting FBI and police involvement.

On the other side of the ROI figure are the cost savings related to being compliant. One significant saving comes from the fact that the controls required by other standards often overlap with PCI DSS controls. For example, PCI DSS requires a properly configured firewall to secure the network. So once you’ve achieved PCI DSS compliance, the cost of adhering to additional requirements will be reduced.

Another cost saving may be realized through the procedures implemented in the compliance process. PCI DSS compliance mandates procedures such as change management, incident response planning, and risk assessment. Once those procedures are in place, they benefit every part of the company that uses them.

Reach out to Omega to actualize your ROI. 636-557-7777 x2451. Get started now.

[1] http://www.focusonpci.com/site/index.php/PCI-101/pci-noncompliant-consequences.html
[2] https://www.cardfellow.com/pci-non-compliance-fee/
[3] https://www.tripwire.com/company/research/tripwire-2016-retail-security-survey/