Is There a Value to Being PCI Compliant OR Is it Just Another Way for Card Processing Companies to Make Extra Money?
I recently met a woman named Merissa from Big Byte, a company that does data storage, IT for large businesses and disaster recovery. Merissa and I talked a lot about PCI. Yes, they know companies who have been hacked. She told me a hotel in Albuquerque was recently hacked. Here is what she had to say about the value of PCI compliance: Merissa explained to me that the fines are reduced if the company is PCI compliant!
When a company gets hacked, the fines are horrific. For a small business, a fine of $100,000 and upward could mean its only choice is bankruptcy. For a large company, the fines are far higher and still a huge ouch! But if the company is PCI compliant and can prove it has the policies in place that it attested to in its PCI compliance questionnaire, then the fines can be reduced. In addition, if the company has actually put into place the best practices the questionnaire asks about, the fines are reduced further still. The key word is "prove": the policies have to exist and be followed, not just be checked off on the form.
I have been told by many merchants that doing the PCI questionnaire every year is extremely cumbersome. Well, life is cumbersome. Yes, it is a pain to secure insurance and understand what is in the policy. Yes, it is time consuming to manage your books and expensive to pay someone to do them for you. But the consequences of skipping these things can be exorbitant! Do you have identity theft protection? How cumbersome is the process if your Social Security number is stolen and someone accesses your bank account, your debit cards and your IRS tax filings? The time it takes to do the annual PCI questionnaire can be an education, and it can save you a monumental amount of money.
Watch for my next blog, which goes into detail about how card-data breaches occur and what you can do to keep criminals from getting at your data. In addition to being PCI compliant, you can purchase data breach protection. Ask your credit card processor, your IT support, or your insurance company about data breach protection plans.