PCI Free Blog

Some Frightening Numbers Regarding Sensitive Data Breaches.

So you’re still not concerned about your business’s PCI compliance status?  At this point in the game, you’re moving from slow to implement new standards to just plain foolhardy.  Consider the fact that, ultimately, no one is one hundred percent safe from attackers bent on stealing sensitive authentication data, PCI compliant or not.  The PCI DSS, and maintaining your PCI compliance, is the best way to prepare for the worst and to anticipate criminal methods.  It is also designed to detect and address the existing weak spots and vulnerabilities in your systems and your security controls.

If you aren’t PCI compliant yet, you could be harming more than just your customers.  An independent internet technology and compliance research firm has found that a loss of sensitive authentication data brings financial woes of its own, including an average 8.1% loss of customer base and an average 8% decline in revenue.  After paying the host of fines and fees that you may incur following a data breach, that loss of revenue could put you out of business.  Research done on Visa’s behalf also reported that 3 out of 4 cardholders won’t shop again at a business that has experienced a loss of sensitive authentication data.

The Verizon Business RISK Team performed a study of two hundred and eighty-five million compromised records in 2008 (a peak year) and found that seventy-five percent of them came from retail, financial services, and food and beverage merchants.  Even more revealing, the study found that the vast majority, ninety-nine point nine percent, of compromised records were stolen from insecure network servers and non-PCI-compliant software applications.  It also found that eighty-three percent of confirmed stolen account numbers were used for fraudulent purposes, and that of these, ninety-one percent were linked to organized crime.

And now to my main point about why PCI compliance is so important: eighty-one percent of the organizations compromised were found to be either not compliant with the PCI DSS or never audited against the PCI DSS requirements.  Interestingly, in sixty-six percent of cases, the stolen data was data the victimized company didn’t even know existed on any of its systems.  What are you waiting for?  Get compliant now.  Visit our homepage to find out how to become PCI compliant easily, and best of all, for free!

This entry was posted in PCI Compliance, PCI DSS and PA-DSS, Sensitive Data Storage.
