Benefits of PCI DSS Compliance

One of the benefits of PCI compliance is that your organization will not be fined by the card brands in the event of a compromise. If the post-mortem analysis shows that your company was still compliant at the time of the incident, no fines will be assessed, and you will be granted what is known as "safe harbor." It is likely that your company will be taken to civil court regardless of your compliance status should a breach occur. However, a jury will be much more sympathetic to your company's case if you can show that due diligence was practiced, as demonstrated by your PCI compliance.

More immediately, if your company is a Level 1 or Level 2 merchant, you may be eligible to receive a share of the $20 million in financial incentives from Visa. In December 2006, Visa USA announced its PCI Compliance Acceleration Program (CAP). Merchants that demonstrate compliance by August 31, 2007, may receive a one-time incentive payment.

Another form of incentive deals with transaction costs. As part of the CAP program, Visa USA announced that discounted interchange rates will be withheld from acquirers that have not validated the PCI compliance of their merchant clients. Starting October 1, 2007, acquirers may begin passing those increased costs on to merchants that have not reached compliance.

Whether it is avoiding fines or earning incentives, the greatest benefit of PCI compliance is the peace of mind that comes from knowing your IT infrastructure and business processes are secure. Again, if you are a CFO or a comptroller, think in terms of data breach cost avoidance: crunch the ROI numbers as you read more and more about TJX's plight. Your marketing department may also appreciate the compliance status. The name of your company will be listed on each card brand's Web site, and you can obtain certification logos from your Qualified Security Assessor Company (QSAC), a must-have for your Web site. A recent poll showed that 40 percent of consumers will not deal with a company they know has been breached, so by addressing your customers' concerns you may gain more business in the process.

CompliancesForum provides FREE templates, checklists, and updates for your regulatory compliance needs: Basel II Accord, Gramm-Leach-Bliley Act (GLBA), Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI DSS), Sarbanes-Oxley Act (SOX)
