While the United States has no federally-mandated consumer data privacy regulations, organizations still have a responsibility to protect customers’ sensitive data. Not doing so can have long-term consequences, resulting in potential legal issues and affecting customer loyalty, company reputation and revenue for years after or even permanently – a lesson we can learn from U.S.-based convenience store and East Coast cult favorite Wawa.
In December 2019, Wawa announced a widespread data breach affecting point-of-sale card reader systems at many of its 850 store locations, exposing customers’ financial data and other sensitive information. Since then, the company has been plagued by a flurry of lawsuits from consumers and credit unions claiming negligence in the retailer’s payment card security practices. According to the latest credit union suits, the retailer allegedly failed to adhere to the Payment Card Industry Data Security Standard (PCI DSS) with its practice of swiping cards rather than scanning chips, opening the door for fraudsters to steal customers’ payment card details. As a result, the retailer could now face losing millions to settle related lawsuits.
Although most U.S. retailers may not be subject to government fines in response to a data breach, that certainly doesn’t mean there aren’t consequences – and potentially costly ones at that. According to PCI Pal research, 70% of consumers will leave a brand for several months or even permanently in the event of a data breach, resulting in long-term revenue losses. And while companies won’t be fined for a data breach in most of the United States, they can still be subject to hefty legal settlements. In fact, after its infamous breach in 2017, Equifax was sued by the Federal Trade Commission for over $400 million to help those affected by the breach – more than any GDPR fine to date.
Particularly after a difficult year, a data breach – or a lawsuit – is the last thing any organization needs to start off the new year. To avoid costly legal settlements, data security is a must, even if you may not be legally required to implement it. If you’re looking to secure customer payment data, contact PCI Pal today to learn how our cloud-based secure payment solutions can help.