How much does PCI DSS compliance cost? Probably not as much as you think.

We know from the businesses that we speak to that cost is a major consideration when it comes to addressing their PCI DSS compliance. Many perceive that becoming PCI DSS compliant means forking out on expensive software such as firewalls and encryption systems or bringing in extra staff. In reality the costs of PCI DSS compliance don’t have to be as much as you think.

Do you meet the criteria for PCI DSS self-assessment?

Small merchants and service providers can choose to complete a PCI DSS self-assessment questionnaire (SAQ). There are eight different SAQs to choose from, depending on the nature of your business and how payments are made. You might fall under the criteria for more than one of these eight, so it is important to make sure that all aspects of your card payment systems are covered. You can check this with your acquiring bank or payment card brand.

The Self-Assessment Questionnaires are for you to complete without the need to hire an external consultant or to produce and submit a report. In fact, it doesn’t cost you anything to fill in an SAQ, so provided you have all your card payment protection systems in place and working efficiently, you could become PCI DSS compliant for just the cost of the time it takes to fill in the paperwork.

More information about completing self-assessment is available here.

What if we can’t self-assess?

For many businesses, self-assessment isn’t an option, either because they’re not eligible or because they don’t have the processes in place to reach the standard required to become PCI DSS compliant. For larger businesses and those that process a high volume of card transactions, the road to PCI DSS compliance is more complex and requires training of staff or hiring of external service providers. PCI DSS compliance is becoming less about a one-off or annual assessment and more about the ongoing implementation of measures to secure transactions, so it is unsurprising that many businesses choose to outsource their card payment systems and, in turn, their PCI DSS compliance to external companies.

At PCI Telecom, we provide card processing systems for payments over the phone and online. Our solutions are entirely cloud-based, which means that there is no need to invest in any extra equipment or staff to manage it. Plus, we have PCI DSS Level 1 accreditation, so our clients don’t have to worry about using internal resources to go through complex PCI DSS assessment procedures.

As a small business, our overheads are low, so we are able to offer very affordable monthly licence fees, and we make sure that there is no charge for declined or refunded payments. It also means that we can work closely with you to create a secure card processing system that’s exactly right for your business, and we are always on hand to help if you need us. Find out more about our solutions here.

And remember, the cost of implementing PCI DSS compliant measures will never be as much as the fine that you could be handed if your business were to suffer a data breach – up to £50,000 per infringement, plus the costs of an invasive forensic investigation, not to mention inestimable damage to your brand. It’s worth looking into, believe us.