
PCI Non-Compliance: 7 negative consequences for businesses

September 19, 2017

The consequences of being non-compliant can do irreversible damage to your brand's reputation. Fortunately, there are secure and cost-effective ways to avoid them.

As a general rule, every company that stores, processes or transmits payment card data is obliged to comply with PCI-DSS. These are the negative consequences of PCI non-compliance:

1. Monthly penalties from the card brands and acquiring banks, ranging from $5,000 to $100,000

PCI non-compliance can result in penalties of $5,000 to $100,000 per month imposed by the card brands. The amount depends on the number of customers, the transaction volume, the PCI-DSS merchant level the company should be on, and how long it has been non-compliant. For example, a Level 1 merchant that has failed to meet the requirements for more than 7 months can face penalties of up to $100,000 per month.

Any penalties that the acquiring bank or payment processor incurs as a result of the non-compliance are passed on to the company responsible for it, which in turn seriously damages the relationship between the bank and that company.

2. Breach consequences

Even companies that comply with the PCI-DSS security standard can suffer data breaches. If your company suffers a breach in which any cardholder's card data has been compromised, you can expect the following:

  • Penalties of between $50 and $90 per cardholder whose data has been compromised;
  • Termination of the relationship between your company and its bank or payment processor;
  • A negative impact on your company's reputation;
  • Lawsuits from the customers whose data has been exposed;
  • Loss of trust caused by the lack of security.

3. Compensation costs of PCI non-compliance

If you do not comply with the security standards and a breach follows, you will most likely have to compensate your customers with credit monitoring, identity theft insurance or some other remedy. They will receive it for free, but it will be expensive for you.

4. Legal Action

A lawsuit is a very likely outcome if the data of many cardholders has been compromised. In 2007, TJX agreed to pay $40.9 million over a data breach that exposed tens of millions of payment cards. In 2014, approximately 1.1 million Neiman Marcus customers were affected by another data breach, one that went undetected for roughly three months.

5. Damaged reputation for PCI non-compliance

Putting your customers' card data at risk not only drives up costs; it can cause irreversible damage to your brand's reputation through mistrust of your security. Once your security has been compromised, it will be very difficult to get your customers to trust you again.

6. Revenue loss

A heavy blow to your brand's reputation can drastically reduce your revenue, as customers leave after a security breach. In 2017, the retail giant Target agreed to pay $18.5 million to settle claims over its 2013 breach, which affected more than 41 million customer payment card accounts; the company's net profit for the quarter in which the breach was disclosed fell by roughly $440 million compared with the same quarter a year earlier.

7. Federal Audits

If your company is large and handles a high volume of customer data, a breach can also bring your security practices under the scrutiny of the Federal Trade Commission. The FTC takes enforcement action against companies whose data security is inadequate, and its settlements typically oblige the company to submit to independent security assessments for years afterwards, on top of any penalties.

Complying with the security rules for handling payment cards is extremely important for your business and for the safety of your customers. However, the costs of PCI-DSS certification can be very high for many small companies, which leads some of them to keep processing cards while non-compliant. It is easy to fall into this temptation, but the consequences can be devastating for your business.

Fortunately, this problem has a solution. MYMOID, the progressive platform for online payments, offers a secure and affordable payment experience that complies with PCI-DSS, so you can manage and store your customers' card data in a safe and convenient environment. And don't forget to download our ebook on PCI-DSS for more information!
