PCI compliance is the process of making sure any data you collect when taking card payments meets the security standards of the Payment Card Industry (PCI). These standards have been in existence since 2004 and are regularly monitored and updated. This means that merchants who take card payments have to stay informed on security protocols, and may need to alter their systems to match requirements.
What happens if you don’t? Well, it could cause you a lot of problems in terms of costs, because you won’t be covered by card providers. Here are 3 more reasons you should always remain PCI compliant.
- Creates Confidence in Existing & Potential Customers
Most people are wary of payments to a new vendor or business. This is usually lessened by showing that you are PCI compliant and have met the standards of the card payment industry. Keeping updated with your compliance also means your existing customers stay happy. Can you imagine dealing with a business that suddenly lost its compliance certification? Would you feel confident handing your details over to it?
Make sure your general procedures are kept updated, and don’t forget that there are specific guidelines for different methods of purchase. For example, maintaining PCI compliance with over the phone transactions is different to maintaining it with in-store transactions.
- Protects Your Customer Data
Protecting your customer data isn’t just about protecting their bank accounts. With the International Data Corporation predicting that 1 in 4 people will have been affected by data breaches by 2020, there’s a good chance that many people are going to eventually have some data stolen. The key is to minimize what is lost, and more importantly, to make sure it isn’t lost because of you!
For some businesses, important data being leaked could see them lose an advantage to their competition. That also means a loss in profit and reputation, which can cause an ugly downward spiral.
Then there’s customer data outside of card numbers and bank accounts, stuff like purchase history and so on. For some, this data is sensitive and should be kept private, a task which is made a lot easier if you stay PCI compliant.
- Prevents Extra Costs in the Event of a Breach
Costs from a breach can range from small, such as replacement cards, to large, such as investigation or assessment costs. Then there are potential lawsuit costs involved if you weren’t PCI compliant in the first place, and these can be huge.
Target is a good example of this, with their 2013 breach costing them around $300 million so far. Many brands would sink under this cost. The reason Target didn’t wasn’t just their size, it was having enough surplus capital and enough ongoing income to cover the hit. Even then, it has affected them and their ability to grow or even maintain their position, as well as damaging their reputation.
Being compliant reduces the risk of you being breached considerably and ensures that any coverage you have for the relevant situation won’t be voided. Insurance can be essential in helping save breached companies from going out of business.