Protecting your customers’ credit card and other personal information is critical to all eCommerce merchants. All eCommerce merchants must be PCI compliant in accordance with the Payment Card Industry Data Security Standard (PCI DSS), and non-compliance can result in fines for banks and merchants. However, a recent survey from CyberSource found that 70% of the eCommerce merchants surveyed cited “the need to ‘protect the brand’ as the primary driver for tightening controls against hackers and other payment security risks.” This is not a surprising finding, considering that another report found that a first-time data security breach can cost an average of $326 per compromised record, and costs are increasing each year. Even with strict fines in place, only 26% of survey respondents said avoiding fines resulting from non-compliance with PCI DSS was the key motivator.
Source: Javelin Strategy and Research; June 2008; http://www.tawpi.org/uploadDocs/Data_Breach_survey.pdf
Some interesting survey findings include (source: CyberSource):
–Data moving out: Over the next 24 months, an increasing proportion of organizations expect to remove payment data from their environment as a way of reducing security risks.
–Efficiency improving: Organizations that do not capture, transmit, or store data inside their own network tend to employ fewer personnel, validate PCI DSS compliance more quickly, and operate at a lower overall cost of payment security management.
–“Data out” merchants spend less on infrastructure: 75 percent of PCI DSS Level 1 merchants that have removed payment data from their environments spend less than $500,000 on their payment security infrastructure. Only 60 percent of those that keep data in-house can make that claim.
–Risk not confined to outsiders: In one counter-intuitive finding, respondents said they felt the threat of payment data theft from inside employees was about equal to the threat from external hackers.