Studies Confirm Ignoring PCI Compliance is a Critical Mistake
An abundance of research confirms that fraud and identity theft have become major concerns worldwide due to the increasing threats they pose to individuals and organizations. Top forms of card fraud involve card-not-present transactions, counterfeit cards and fraud due to lost or stolen payment cards. Malware is an additional growing problem that has increased along with the growth of mobile payment processing.
Too often merchants have PCI compliance low on their list of priorities. According to a research report published in January 2013 by PCI compliance company ControlScan and the Merchant Acquirers’ Committee, Level 4 merchants, which represent 98 percent of all U.S. retailers, “show a lack of awareness and overall apathy toward PCI compliance and cardholder data security.”
This is extremely troubling given that fraudsters who traditionally attacked larger financial institutions are now working their way down to less protected organizations, which are often smaller Level 4 merchants that typically process from one to 20,000 online credit card transactions or one to 1,000,000 face-to-face credit card transactions annually.
Sixty-three percent of data breaches occurred at companies with fewer than 100 employees, according to the 2012 Data Breach Investigations Report (DBIR) by Verizon, which makes a lack of concern among merchants that much more problematic.
According to the 2012 DBIR, there were 855 data breach incidents worldwide reported in 2012 that resulted in 174 million compromised records — the second largest data loss total since Verizon began keeping track of breaches in 2004.
At the Northeast Acquirers Association’s Winter Seminar, held in January in Vermont, Linda Grimm, Director of Consulting Services at Compliance Solutions and Resources, told attendees, “You should consider a breach likely, and plan accordingly. It’s not a matter of if, but when and you need to protect all data, not just card data.”
Data breaches can cost millions of dollars, inflict myriad damage to brands and customer relationships, and have the potential to put you out of business for good. The LexisNexis Fourth Annual True Cost of Fraud Study, conducted by Javelin Strategy & Research, calculates the overall cost of chargebacks for merchandise, as well as fees and interest paid to financial institutions and processors to replace and redistribute lost or stolen merchandise. The cost worked out to $2.70 for every $1.00 in fraudulent transactions in 2012, up from $2.30 in 2011. These figures do not include costs associated with lost business.
“Our research clearly indicates that customers are less inclined to do business with merchants with whom they’ve experienced fraud, yet a surprising majority of merchants surveyed in this study are not aware of this costly after-effect,” said Jim Rice, Director of Market Planning for Retail and E-commerce at LexisNexis Risk Solutions.
Card fraud is a major concern for consumers, financial institutions and retailers. The magnitude of the problems of data breaches and fraud has been made evident in research across the board. It should serve as a call to action for financial institutions and consumers, and a true wake-up call to retailers to remain constantly vigilant and earn the trust of customers.
The purpose of the Payment Card Industry Data Security Standard (PCI DSS) set of policies and procedures is to ensure the integrity and security of card transactions, networks, databases and facilities and to mitigate risks. PCI compliance is essential to keeping credit card and cardholder information secure.