What happens if you fall foul of PCI DSS regulations?

What happens if you don’t comply with PCI DSS regulations?

‘It’ll never happen to us.’ Well, actually it might. More and more businesses are finding themselves the targets of hackers as cybercrime reaches record levels.

And it’s not just large corporates that need to be careful. Small and medium-sized organisations are just as likely to become victims of a cyber attack. According to Small Business Trends, 43 percent of cyber attacks target small businesses, and only 14 percent of those businesses rate their ability to mitigate cyber risks, vulnerabilities and attacks as highly effective. 60 percent of small companies go out of business within six months of an attack.

That’s the whole point of PCI DSS regulations – to provide businesses with a set of standards, relative to their size, to help them prevent a breach and protect their customers’ data.

So what can happen if you don’t comply with PCI DSS regulations? And what if your business does find itself a victim of a cyber attack?

You could be liable for non-compliance fines.

Before you’ve even encountered any form of data breach, you could be fined for not complying with PCI DSS regulations. While the standards aren’t a legal requirement, they are a contractual obligation between you, your acquiring bank and the payment providers.

Data may be at risk of being compromised.

There is a sequence of steps that takes place when a person makes a payment using their card over the phone or on the internet. Hackers target the weakest link in this process which, more often than not, is the merchant. If your business doesn’t operate PCI DSS compliant systems that cover the latest regulatory changes, there is a high risk that your customers’ sensitive details could end up in the wrong hands.

If you have a suspected breach, you’ll undergo a forensic investigation with a PCI Forensic Investigator…

…and the cost of this will sit entirely with you if there is sufficient evidence to show that your systems were responsible for the data breach, and it could run into thousands of pounds.

You’ll receive a fine

In addition to the forensic investigation costs, if your payment processes are found to have been non-compliant then you’ll also be liable to pay a significant fine – up to £50,000 per infringement.

Your reputation will be damaged

Having to pay a whopping fine is one thing but managing to preserve your company’s brand reputation is quite another. The damage caused as a result of a data breach could be irreversible. The Deloitte Consumer Review, ‘Consumer data under attack: the growing threat of cyber crime’ 2015, states:

‘Consumers are very clear in their message to businesses and third-party organisations: the number one issue that would make consumers reconsider using an organisation is if that organisation lost their data or failed to keep it safe’

At PCI Telecom we have PCI DSS Level 1 accredited solutions, which means that our fully compliant card payment processes are recognised as being secure to the highest standard. We create bespoke, cloud-based card processing systems for payments over the phone and online, and we work closely with you to make sure that the system fully integrates with your existing setup. Find out more about our solutions here or get in touch.