Though merchants understand that the penalties for failing to comply with the Payment Card Industry Data Security Standards (PCI DSS) can be severe, one expert questions whether the cost of compliance exceeds its value.
A Techworld report published comments from IT consultant Dave Birch, who, at a recent Westminster eForum digital conference in the U.K., told listeners that he doubted the long-term viability of PCI DSS. Calling the cost of compliance “a cure that’s worse than the disease,” Birch said the concept of the standards requires renewed consideration.
His comments were disputed by the European head of the PCI Security Standards Council (SSC), Jeremy King, who said data shows the cost of compliance is cheaper than the financial impact of a breach. In addition, reputational damage from a breach can have far-reaching, sometimes incalculable effects on a brand, King argued.
“The cost of putting your brand back together again is far more significant and far outweighs the cost of the breach,” he was quoted as saying by Techworld.
Of course, the cost of compliance differs between companies and often depends on the service providers a business has engaged to support this endeavor. Merchants can save significant cash if they partner with third-party technology consultants that offer quality support at a reasonable price.
For example, when implementing a credit card processing system, businesses can save the most money if they work with a provider that does not engage in kickback payment processing. In this arrangement, a software provider has established a revenue-sharing agreement with a credit card processing company, thereby driving up costs for the end user and restricting the merchant’s ability to work with more affordable processors. Research into this practice can reveal software providers that offer flexible use of processors and Independent Service Organizations (ISO).