
February 19, 2019
Being PCI compliant is a good idea. Not only does it confirm that you are processing credit card payments in as safe and secure a manner as possible, it also shows that you are staying on top of things. Much of what goes into achieving and maintaining PCI compliance is common-sense cyber security, yet some businesses never achieve compliance or fail to maintain it, and that poses a problem not only for them but for their customers as well.
So besides the public confidence that comes with knowing that your business is PCI compliant, what other reasons are there to meet this standard? Put another way, what happens if you don't?
The first consequence is a monthly fee. It is assessed either because you failed to complete your annual self-assessment questionnaire or because you failed to meet compliance. A non-compliance fee of about $20 per month will be charged to your business until compliance is met. The idea is that this small financial penalty, plus the hassle of paying it every month, will be enough incentive not only to meet PCI compliance but to maintain it as well. Over time it can certainly add up to more than the cost of the compliance program itself.
Of course, PCI compliance is not law (though a merchant agrees to adhere to it in the merchant account agreement signed with the acquiring bank), and a merchant can still operate a business while not being compliant. That does not mean that the card processors are going to sit on their hands. Fines from processors and acquirers come next, and these fines can be hefty, from $5,000 up to $500,000 depending on the circumstances, and that is not the end of a non-compliant merchant's financial exposure. Should a data breach happen, YOU would be responsible for the cost of notification, card reissuing and credit monitoring for all affected people and businesses. You would also be responsible for the cost of a forensic investigation and for remediation costs. On top of that, your bank and card processor will charge you higher rates. Non-compliance does not make financial sense.
That is not the end of it. The card brands and acquirers hold the "nuclear option," so to speak: they can revoke your business's ability to accept credit cards. This is a death sentence for nearly any merchant doing business in today's commercial landscape. Very, very few can recover from it.
Don't forget as well that should a data breach occur, especially one due to negligence or non-compliance, your business's reputation as well as your own will be tarnished. Chances are your clientèle will move to a compliant competitor. This too can be a death sentence for some businesses.
At JLE Business Consultants we know that PCI compliance, and the process that goes into it, is not easy and can be extremely frustrating. That is why we are here to help and to make it as easy as possible for you. Being compliant is something every business should strive for. The risks that come with non-compliance are too great, and you will be walking a tightrope with your business. Don't. Achieve and maintain PCI compliance. Do it for yourself and do it for your customers, or you may not have any customers left.