The Dangers of Not Being PCI Compliant

Dangers related to credit card processing online and in store in the event of a data breach:

  1. Compensation Costs – provide free credit monitoring and/or identity theft insurance to fraud victims
  2. Legal Action – hack victims are quick to file suit
  3. Damaged Reputation - Loss of trust, which could affect future students, donations, services, etc.
  4. Card Brand Fines - The information below is used by VISA as an example of costs related to a breach
    • Approximately $1,000-$50,000 per month of non-compliance
    • $50-$90 fine per cardholder data compromised
    • Cost of forensic and investigation for data breached
    • Suspension of credit card acceptance by a merchant's credit card account provider
  5. Federal Audits (i.e., Red Flag, HIPAA, FERPA) - The Federal Trade Commission, which has the task of monitoring organizations that have failed to comply with PCI and thereby affected large numbers of U.S. citizens, may want to audit the University regularly from here on out. They also may decide to fine the University themselves. In addition, with federal audits come very strict requirements for compliance.
  6. Remediation Costs - The University will have internal remediation costs: costs to investigate what happened, improvements to our security posture, hire and terminate employees ... whatever it takes to fix the internal information security environment.
  7. Lost Revenue -
    • Impediment of recurring membership or donation payments, which can require significant CHD (cardholder data) storage
    • Difficulty in obtaining funding for internal projects
    • Inability to accept mobile payments at conferences or events
    • Payments for campus dining, bookstores and recreational activities