Verizon’s 2015 PCI Compliance Report found that 69% of customers are less likely to do business with an organisation that has suffered a data breach.
This means that once you’re past the fines, lawsuits, management changes and bad press, you also need to deal with the fact that your customers may not be coming back.
That’s not the most disappointing statistic from the report, though. Verizon also noted that “of all the companies investigated by our forensics team over the last 10 years following a breach, not one was found to have been fully PCI DSS compliant at the time of the breach.”
To me, this says one thing: if a business can’t see the benefits of securing its customers’ information, then it doesn’t deserve the benefits of having customers.
PCI DSS compliance
If an organisation processes, transmits or stores cardholder data, then the PCI DSS applies to it. It’s as straightforward as that.
There are extensive PCI DSS resources out there that give an organisation all the information and skills it needs to ensure that it’s compliant.
Failing to achieve the correct level of PCI compliance is inexcusable.