How Important Is Data Security And PCI Compliance?

Identity is an extremely valuable commodity in this modern business world. Customers are becoming more and more aware of the need to guard their personal information and to demand a high level of data security around any electronic transactions they make. The PCI DSS was created to be a standard and a measure against which merchants can be judged and a tool to help them achieve the necessary level of security.

PCI compliance is required of any company that stores, processes, or transmits sensitive credit card data. The PCI DSS (Payment Card Industry Data Security Standard) was created by the five major credit card companies and consists of 12 requirements that merchants must conform to. These are not necessarily easy requirements to fulfill, nor are they necessarily cheap. PCI compliance can, in fact, be an impressive drain on your resources.

If, then, PCI compliance is so complex and time consuming, where is the incentive to accomplish it? Is the concept of data security on its own enough to motivate a merchant to take action?

First, let us back up and answer the original question. Exactly how important is data security and PCI compliance?

To answer this question we can look at some of the current examples of what can happen if you don't place the proper importance on data security.

The TJX company is one of the most high profile cases in recent history. Starting around July 2005 hackers were able to spend about 18 months exploiting various vulnerabilities in their system to download nearly 100 million credit card numbers. But it didn't end there. These hackers were also able to intercept information that was transmitted when a return was processed. This information is often even more sensitive than what is transmitted for a normal transaction.

What did this cost them? Between legal fees, regulatory fines, and other costs, some estimates put the monetary costs over a hundred million dollars. Other estimates put that number much, much higher.

The costs don't end there, though. There are other, more detrimental costs that are, unfortunately, less quantifiable. These are the costs that include the loss of reputation and the increase of suspicion. When word gets out about their lack of security, how many customers will rethink their desire to do business with them? Herein lies the real detriment to future success.

Investigations continue, but it seems that the TJX company was not keeping up with PCI compliance measures. They were transmitting unencrypted data across wireless networks which means that any hacker that intercepted those transmissions can easily read that information. This is not good.

So what can most companies expect if they suffer a breach? Merchants can be fined up to 500,000 dollars per incident. If, after the breach, the merchant still does not reach PCI compliance, they may be subjected to more fines, which could include monthly fines and periodical audits as well.

Data security measures cannot be procrastinated, and they should always have a high priority in your business. Despite the inherent costs that come with PCI compliance, it will, in the end, be worth it.

There is another option for companies who do not believe they have enough time or resources to accomplish PCI compliance in-house. Many companies have emerged that specialize in data security and PCI compliance. Outsourcing payment processing and data security and storage is becoming a popular option for many companies. By relying on a company that specializes in these areas you can reach PCI compliance more quickly, and without any major interruptions in your normal business practices.

In the end, you cannot underestimate the importance of strong data security and PCI compliance. If you take care of your customers' interests, they will take care of yours.

Andy Eliason is a writer at Main10, Inc. If you'd like to learn more about PCI compliance or Data Security, visit Braintree Payment Solutions today.