For those of us in the contact centre industry, PCI DSS compliance can often feel like a complicated, confusing, and costly part of doing business. However, with technology constantly evolving and data breaches becoming ever more prevalent, can your organisation afford to take the risk of non-compliance?
The Risk to Your Bottom Line
While bank fines for PCI DSS non-compliance were scrapped earlier this year, this does not mean that there are no financial consequences for being found in breach of the standard. If your organisation is found to be non-compliant you may not face bank fines, but you almost certainly will face higher banking fees for your transactions, as banks will treat you as a higher security risk.
Worse, if you were to suffer a data breach and your business was found to be at fault, the financial penalties would likely be insurmountable. As well as the ensuing expensive forensic audits, the cost of compensation or card replacement, loss of sales, and any potential legal fees, you may be subject to ICO fines of up to £500k. If that sounds bad, it is worth bearing in mind that, when the new EU GDPR comes into effect in 2018, these penalties will rocket to €20m or 4% of your entire annual turnover.
The Risk to Your Reputation
Of course, it’s not just financial penalties that can force a business into closure. If you’re found to have suffered a breach that PCI DSS compliance would have prevented, the damage to your reputation is likely to be severe. Not only could this affect future business, it can also cause an immediate drop in share price and a decline in sales that is often hard to recover from.
The Risk to Your Customers
It goes without saying that customer safety and data security should be of paramount importance to any organisation responsible for handling and storing sensitive data. In a world where so much of life is conducted online, data breaches can have a severe impact on the lives of your customers – from financial loss to identity theft. Keeping customer data secure is therefore vital, and complying with the requirements of PCI DSS is the best way to ensure this.
So what do you think? That PCI DSS audit doesn’t sound so bad now, does it?