FFIEC News
Solidcore Report 'PCI Compliance Cost Analysis: A Justified Expense' Released
(Jan. 15, 2008)-- Solidcore Systems, Emagined Security, and Fortrex Technologies announced the availability of a new report analyzing the costs of achieving and sustaining compliance with the Payment Card Industry Data Security Standard (PCI-DSS). The report, entitled "PCI Compliance Cost Analysis: A Justified Expense," reveals that the cost for merchants and service providers not meeting the PCI requirements can be 20 times greater than the cost of proactively becoming compliant.
Solidcore Systems, Emagined Security and Fortrex Technologies identified three main categories of costs to provide an insider's perspective on the overall costs associated with PCI DSS compliance. The cost categories are described as:
1) Upgrading Payment Systems and Security Infrastructure,
2) Verifying Compliance (Assessments), and
3) Sustaining Compliance.
The report evaluated costs incurred by a Level 1 merchant with 2,000 to 2,500 retail locations, and found that the cost of PCI compliance can be as high as $18 million compared to as much as $250 million for not meeting and sustaining compliance.
Subsequently, Solidcore and Emagined Security also polled 201 IT and compliance professionals and found that more than half (57 percent) of the respondents admitted their organization either experienced or did not know if they had experienced a compliance control deficiency in the last year. This data revealed a lack of attention toward PCI compliance among most merchants and service providers.
"It is no longer enough to simply achieve PCI compliance. Merchants and service providers must sustain continuous compliance for the security of their customers and the integrity of their business," said Bob Vieraitis, vice president of marketing at Solidcore. "While the up-front costs of PCI compliance might initially seem high, following the best-practices of the PCI-DSS is essential to avoiding the detrimental costs linked to a data breach, fines from the credit card companies, and revenue loss tied to a damaged reputation."
The credit card companies divide merchants into various levels based on the number of transactions processed every year. While each level is subject to a different set of compliance activities, the strictest rules and highest costs apply to Level 1 merchants (those processing six million transactions or more annually). Achieving PCI compliance, avoiding fines imposed by the credit card companies, and retaining the privilege to accept credit cards requires merchants and service providers to address approximately 180 individual PCI requirements in 12 categories. Participating merchants must pay for their own PCI compliance assessments, and the incremental cost of compliance depends upon the extent to which a merchant's infrastructure is already in a compliant or near-compliant state.