The cost of a data breach for the largest retailers could be as much as 20 times the cost of compliance with the Payment Card Industry Data Security Standard, according to an analysis from information technology security firms Solidcore Systems, Emagined Security and Fortrex Technologies Inc.
The largest merchants—classified as Level 1 merchants under the security standard, commonly known as PCI DSS—are those that submit more than 6 million Visa transactions annually. They must meet the most stringent PCI requirements. Retailers that have been the subject of a database compromise also fall under Level 1, regardless of how many transactions they submit annually.
The analysis estimates a Level 1 merchant spends between $2 million and $10 million within one to two years to upgrade its payment systems and security infrastructure. New components that might have to be installed include additional firewalls, upgraded anti-virus and anti-spyware software, secure wireless systems, data encryption technologies and file-integrity monitoring software.
In addition, a Level 1 merchant could spend between $250,000 and $3 million annually for security audits by a qualified security assessor, depending on the merchant’s previous compliance level and ongoing ability to pass audits of PCI-required controls, and an additional $1 million to $5 million annually on sustaining compliance.
In total, a Level 1 merchant could spend between $3.5 million and $18 million on compliance, according to the analysis.
In comparison, the cost-per-record following a data breach could be as high as $200, with the total cost of a data breach ranging between $100 million and $250 million, according to the analysis. The estimate on the cost of a database breach was based on interviews with retailers and information from TJX Companies Inc.’s public filings on costs related to the highly publicized data breach that the retail chain operator disclosed in January 2007.
“The cost of compliance is only a fraction of what a company might pay for not complying with the PCI data security standard, and is certainly overshadowed by the potential cost of a breach,” the analysis says.