PCI Free Blog

Fraud Costs the Electronic Payments Industry Over a Quarter Billion Dollars in 2009

Do you still think your business is too small to warrant the attention of hackers and thieves?  Still think you’re under the radar and have saved time and money by not becoming PCI compliant and only loosely following the PCI DSS requirements?

An independent research company report estimated that credit and debit card issuers paid almost $253,000,000 to replace hacked cards in 2009!  This was partially the cost of having to replace and reissue over 70 million cards to customers.  The rest comes from legal fees, lost business and other incidentals associated with major information losses.  If those numbers don’t make you start to sweat, consider the fact that in most of these cases, the merchant that is hacked can assume that they will be responsible for paying the production and manufacturing costs associated with reissuing the cards to all of the affected customers.

A representative of the independent research company that published the report offers a lowball estimate of about $3.50 per compromised card.  So if your business is hacked and the information of a small number of customers, say a thousand, is stolen, that’s $3500 right off the bat, before anyone’s actual identity is stolen or money is lost from their accounts.  If that happens, guess who is potentially liable for the reimbursement of lost funds and for crushing legal fees to defend against lawsuits filed by angry former customers?

Now consider an even more disturbing competing viewpoint.  Another representative from the electronic payments industry claims that $3.50 per card is far too conservative an estimate.  He points out that many of the institutions issuing credit cards are not huge national banks with vast resources that own their own plastic card manufacturing equipment.  Smaller banks often have to outsource the task of producing the plastic cards with encoded magnetic stripes.  This can propel the cost of each individual card replaced as high as $20.  Now your $3500 bill from the card issuers has blown up to $20,000!

I hope that has got your attention now.  And don’t forget, that’s just a flat materials and production cost and doesn’t take into account the legal fees and loss of revenue due to loss of customers. 

If you aren’t PCI compliant or your PCI compliance has lapsed, don’t hesitate and don’t put it off: update your PCI compliance today.  You can do it for free on this site.
