As companies are evaluating compliance strategies, the number one concern that comes up is ‘where is security going to fit within the budget?’ As more and more companies hit the headlines as victims of a data breach, PCI compliance is turning from a bare minimum line item to a customer and brand investment. In the wake of recent breaches, we’ve seen the costs really stack up for these companies, the most covered of which is Marriott International.
With the release of the PCI Security Council’s PCI DSS 3.2.1 and the EU’s GDPR, the penalties are far heavier for non-compliance than the slap on the wrist and minimal brand repair that used to go hand-in-hand with a breach. This article highlights the additional fines and penalties heading Marriott’s way.
In a recent research study PCI Pal conducted, 41% of consumers want the business to admit responsibility and invest money in improving its security efforts. But for some, that isn’t enough: 26% want a third party to confirm its ecosystem is safe before spending with them again, and 21% go even further to require the company to announce PCI or GDPR compliance to earn back trust. In total, 88% of consumers require businesses to make additional investments in their security after they are hacked.
Through this research, we’re seeing not only formal regulations but also customers holding organizations to higher standards.
To learn more about de-scoping your contact center and becoming, and remaining PCI compliant, reach out to us.