Understanding the Risk
Data Breaches: The Risk is Real!
According to the 2011 Data Breach Investigation Report, by Verizon, data breaches are substantially on the rise, as the total number of breached records more than doubled between 2009 and 2010.
In addition, the hospitality and retail industries shoulder the brunt of data breaches, accounting for approximately 65% of all breach cases.
Most commonly at risk are merchants like you
Industry research suggests that the following are primary factors in high-level security breaches:
- Vulnerabilities within the Point-of-Sale (POS) system
- Lack of a firewall and overall network security
- Default usernames and passwords
- Single-factor remote access solutions
- Low level of security on employee workstations
As more organizations use high-speed Internet connections to process credit cards, there is a higher risk of data exposure and breaches. Without proper security measures in place, this is an open invitation for hackers to access POS systems and anything else that is connected to the network.
Consequences of Non-Compliance
Data breaches can be devastating and costly events that can jeopardize the strength and viability of even the most resilient companies. According to the 2009 Global Cost of a Data Breach study done by the Ponemon Institute, the average loss per record in the United States is approximately $204. As a result, depending on the size of the breach, costs to a business owner can easily run in the millions of dollars.
Consequences Include:
- Fines and fees: Non-compliance fines, penalties from the credit card companies and acquirers, card replacement fees and more!
- Lawsuits: Companies can be (and have been!) sued for not protecting customer information.
- Lose your ability to accept payment cards: Following a data breach, the credit card companies can take away a business’s ability to process credit cards, which significantly reduces the number of transactions that can be accepted.
- Increased security expenses: Card brands (like Visa) and government agencies (like the Federal Trade Commission) can require breached companies to use more expensive security measures to avoid future incidents.
- Damaged brand reputation: It only takes one incident to damage the reputation of your business and that of an entire brand.
- Loss of customers: A Cintas survey revealed that 91 percent of customers would not return to a business if their personal information was previously stolen. Data breaches significantly decrease customer retention and loyalty, which will hurt your profits in the long run.
Benefits of Compliance
While most merchants hear only of the negative consequences of non-compliance, there are plenty of positive reasons to become compliant.
Benefits Include:
- Avoiding fines and fees: If you happen to get breached, and your business is fully compliant with the PCI DSS, you can avoid the associated fines and fees.
- Reduce risk of civil liability: If you are breached and any subsequent civil litigation arises from the breach, courts will look at your case more favorably if you can demonstrate you did your part to protect your customer information.
- Peace of mind: One of the most important benefits of becoming compliant is peace of mind, knowing that your business, customers and livelihood will be protected. In fact, you can communicate your compliance to customers as another reason to visit your business over another.