PCI DSS compliance is difficult and expensive. What if my business can’t afford it?
Understanding and implementing the 12 requirements of PCI DSS (Payment Card Industry Data Security Standard) can seem daunting. However, PCI DSS mostly calls for good, basic security. Even if there was no requirement for PCI DSS compliance, the best practices for security contained in the standard are steps that every business would want to take anyway to protect sensitive data and continuity of operations. The business risks and ultimate costs of non-compliance can vastly exceed implementing PCI DSS – such as fines, legal fees, decreases in stock equity, and especially lost business.
Implementing PCI DSS should be part of a sound, basic enterprise security strategy, which requires making this activity part of your on-going business plan and budget.