The cost of PCI DSS compliance depends on several factors: the type of business, the annual number of card transactions, the current IT infrastructure, and how the existing network processes and stores credit/debit card data.
Possible PCI Compliance Fees
By one estimate, the nation's largest merchants, categorized as Level 1 (more than 6 million transactions a year), spent $125,000 assessing the PCI-related work required and a further $568,000 to meet the requirements.
One Level 1 merchant, a national retailer with 210 stores, reportedly spent about $500,000 to become compliant. Level 2 merchants (1 million to 6 million transactions a year) may spend about $105,000 on assessment and a further $267,000 on compliance.
Level 3 merchants (20,000 to 1,000,000 e-commerce transactions a year) are estimated to spend $44,000 on assessment and $81,000 more on compliance. Level 4 merchants (fewer than 20,000 e-commerce transactions a year) face costs that vary with the type of business.
The costs of PCI compliance do not end there; several additional costs apply. If card data is stored in house, this may include the hardware and software upgrades needed to protect it. By one calculation, an organization with 100,000 credit card numbers on file would pay about $6 per card in encryption costs. Alternatively, merchants can use tokenization, in which the card data is stored remotely by a service provider and the merchant keeps only a substitute token; this replaces the upfront cost with a per-transaction fee. None of these estimates include labor or the opportunity cost of the other profit-making work that staff could have done instead.
Merchant Requirements
Any merchant that accepts, processes or stores credit card data must be compliant. This includes small retailers and restaurants that use a single POS system or terminal. Such businesses still have to complete a Self-Assessment Questionnaire (SAQ), but the compliance process is much less involved. Merchants using a POS system must take extra care that no prohibited card data (full magnetic-stripe track data, the card verification code, or PIN data) is being retained after authorization, and must validate that their POS vendor's application is PABP compliant (Visa's Payment Application Best Practices, soon to become PA-DSS).
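A practical way to check the "no prohibited card data retained" point is to scan POS logs, database exports and disk dumps for clear-text PANs and for full track data. The scanner below is an added example written for this page, not code from any PCI assessor, vendor or the PCI SSC; it assumes the dump is plain text, treats any 13- to 19-digit Luhn-valid run as a PAN candidate, and recognises track 1 and track 2 data in the ISO 7813 layouts used on magnetic stripes. The sample dump it scans is constructed.

```python
"""Scan a text dump (POS log, database export, swap file) for card data that
PCI DSS forbids storing after authorization (full track data) and for
clear-text PANs. Added example for this page, not a vendor's or assessor's tool.
Assumptions: plain-text input; PANs are 13-19 digit Luhn-valid digit runs;
track data follows the ISO 7813 track 1 / track 2 layouts.
"""
import re

# Candidate PAN: 13-19 digits not adjacent to other digits, so the PAN inside
# "%B4111...^" (letter before the digits) still matches.
PAN_RE = re.compile(r"(?<!\d)\d{13,19}(?!\d)")
# Track 1, format code B: %B<PAN>^<NAME>^<YYMM><service code>...?
TRACK1_RE = re.compile(r"%B\d{13,19}\^[^^?]{2,26}\^\d{4}")
# Track 2: ;<PAN>=<YYMM><service code>...?
TRACK2_RE = re.compile(r";\d{13,19}=\d{4}")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn check used for PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Mask a PAN for a findings report: keep only the first six and last four."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def find_pans(text: str) -> list[str]:
    """Return distinct Luhn-valid PAN candidates in order of first appearance."""
    found = []
    for m in PAN_RE.finditer(text):
        pan = m.group(0)
        if luhn_ok(pan) and pan not in found:
            found.append(pan)
    return found


def scan(text: str) -> dict:
    """Summarise prohibited data: masked PANs plus track 1 / track 2 hit counts."""
    return {
        "pans": [mask_pan(p) for p in find_pans(text)],
        "track1": len(TRACK1_RE.findall(text)),
        "track2": len(TRACK2_RE.findall(text)),
    }


# Constructed sample dump: one clear-text PAN, the same PAN again inside track 2
# data, a second card inside track 1 data, and a Luhn-invalid order number that
# merely looks like a PAN (the Luhn filter drops it).
SAMPLE_DUMP = """\
2009-03-02 12:01:07 auth ok ref=55123
cardholder=DOE/JOHN pan=4111111111111111 exp=1012
track2=;4111111111111111=10121011234?
order=4111111111111112 total=19.99
track1=%B5555555555554444^DOE/JOHN^10121011234?
"""

if __name__ == "__main__":
    print(scan(SAMPLE_DUMP))
```

Any track 1 or track 2 hit is a finding on its own: that data may never be stored after authorization, regardless of encryption. A PAN hit is only a finding if the PAN is stored unprotected, so the scanner reports PANs masked to first six / last four digits, the most PCI DSS allows to be displayed, rather than echoing them into yet another file.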
Cost of Being Non-compliant
Non-compliance is not an option: every large merchant must be PCI compliant or face substantial monthly fines. A non-compliant merchant also pays a higher interchange rate, which raises its processing costs. The card brands are most likely to levy fines when a merchant is found to be non-compliant at the time of a data breach.
Moreover, the discovery and remediation costs after a breach can far exceed the fines themselves; the cost of a data breach has been estimated at anywhere from $90 to $305 per customer record exposed. Some merchants find the PCI DSS requirements annoying and frustrating, while others regard them as basic security measures that should be in place anyway.