We all know by now that PCI compliance is necessary, but that doesn’t mean it’s the easiest thing in the world to accomplish. Many businesses claim that complying with the PCI Data Security Standard is too hard and too expensive.
Understanding and executing the 12 PCI DSS requirements can seem intimidating, especially for small to medium sized businesses. However, these requirements were developed to help protect businesses from being victims of cardholder theft. Even if there was no requirement for PCI compliance, the practices for security found in these standards are steps that every business would want to take anyways to protect sensitive information. Most aspects of the PCI DSS are already a common practice for businesses who want their sites secure. There are many products and services available to help meet the requirements for security and PCI compliance.
When people say PCI is too hard, sometimes what they may really mean is that complying is expensive. But you should know that the business risks and ultimate costs of non-compliance can greatly exceed the cost of implementing PCI DSS.
Non-compliance can be very expensive if not catastrophic. Non-compliance doesn’t just result in costs associated with fines, credit card replacement and audit fees, but also from loss of business reputation and revenue. In fact a recent study stated that 70 percent of the cost of non-compliance was loss of revenue. This is not only a big deal for big companies that are criticized by the media, but may be truly disastrous for small businesses and the result is putting them out of business.
So, if you are one of those people that have ignored PCI compliance, know that it is not worth it. Complying with the PCI Data Security Standard is a must!