If you are involved in any type of business that takes payments with credit cards, you should already know about the Payment Card Industry Data Security Standard, commonly referred to as the PCI DSS. This set of security standards must be followed by all businesses that work with credit cards. It’s not a suggestion, it’s a requirement.

The PCI DSS is comprehensive, and exacting in its requirements. Some business owners might think they don’t have to comply with every part of it because they’re not a big company, or some might even just decide they don’t want to comply because of monetary or time costs involved in doing so.

Non-compliance with the PCI Data Security Standard can have some serious consequences. The standard is there to keep information secure and fraud to an absolute minimum. Ignoring the mandates in the DSS leave you open to data breaches that can bring repercussions from many different directions. Here are just a few ways that non-compliance can hurt your business. The results are the same whether the situation is created willfully or out of ignorance.

Cost Of Compensation

If your customers’ data is stolen, you are going to have to work hard to regain their trust, if that’s possible at all. Several large retailers who’s suffered credit card data breaches, such as Michael’s Arts & Crafts and Target, have gone as far as to offer clients free credit monitoring to assure that their data has not been compromised again. The cost of doing this for a large customer base can be astronomical on it’s own. We won’t even get into the cost involved with the public relations nightmare that both companies suffered when the compromised data situation hit the news.

Even if both companies did manage to win back some of the affected clients, it’s impossible to determine how many were lost that will never return no matter what they are offered.

Legal Actions Against The Company

Lawsuits are commonplace. Even if consumers don’t think that they should file a suit in the case of compromised credit card information, you can bet there are plenty of lawyers out there willing to educate them to the fact that they can and should do so. Even if no judgement is filed against you, simply defending yourself is going to be expensive and time consuming.

TJX, the parent company to chain stores TJ Maxx and Marshalls among others, paid in the area of $40 million after it was discovered that a data breach on their systems exposed their customers’ credit card information in 2007.

Bank Fines

Banks don’t like risks, and you quickly become a very big risk if card information is stolen from you. If your company is involved in anything having to do with credit card fraud, you will be fined by the banks. Depending on the amount of information stolen and whether or not it is actually used to commit fraud, the fines can be crippling.

Federal Audits

The Federal Trade Commission is charged with monitoring organizations who have failed to comply with the PCI DSS and affected “large numbers of US citizens”. They can decide to fine you (in addition to any fines you might receive from banks) and also have the right to audit your business every year until they decide they are tired of doing it. Of course, with federal audits the requirements to comply will be extremely strict.

In Conclusion

These consequences are by no means an exhaustive list. There are countless other problems that will crop up as the result of a data breach. Advertising, investigating causes, investigating solutions, replacing or retraining employees, etc. The bottom line is that however difficult it might seem to comply with all of the PCI DSS mandates, it’s much more difficult to fix things in the aftermath if you don’t comply. They’re not just silly rules. The Data Security Standard is meant to keep you safe just as much as your customers.

If you have questions about PCI, or credit card processing in general, please contact us today at Servistree.com or 866-944-3244.