What's the Industry Cost of PCI Compliance?
A few weeks ago, as part of an article about Hannaford's recent card data breach, I blogged about my 'guesstimate' of the cost of PCI compliance across the industry. I said: "Seems like somewhere between US$100 million and US$1 billion?" and asked for reactions. No one reacted - so maybe everyone agreed with my estimate?
Tonight at dinner with some sophisticated, experienced players actively involved in the business of PCI compliance, I posed the same question. After chewing on it a while (it takes a few minutes to comprehend the magnitude of the question!), they settled on the figure of US$2 billion - to me a pretty staggering sum! Does spending of that magnitude significantly change the economics of card acceptance for merchants?
PCI Compliance, as currently structured, is the tip of the iceberg in transforming the ways that merchants deal with credit cards. Only big security firms can afford the costs of becoming PCI Qualified Assessors.
The only way that the standard can go is to get progressively tighter, and to migrate the certified assessments to smaller and smaller companies. The net effect of this is to dramatically increase costs of dealing with credit cards.
What I think will happen is the following - many merchants will reassess the "collect all data at any cost" mindset. In particular, with credit cards and other high-liability data elements, they will seek to become transit points, passing the data through to a major processor and never handling or retaining it themselves.
Some of the retailers are already complaining about the requirements to keep card data (see NRF for example) that bring them under PCI. They get this.
Net net, smaller processors will be driven out of business, card acceptors will pass through transactions to a major acquirer, and life will go on. Until changes to interchange, that is...
Posted by: Frank J | May 15, 2008 at 08:51 AM