The Cost of PCI Compliance
Secure payment processing is the central issue facing every merchant that accepts credit cards today, and that includes colleges and universities.
Regulations keep getting more complex and security breaches are not uncommon. Add the high cost of achieving and maintaining PCI compliance and it is easy to see why so many merchants work with a PCI compliant partner to mitigate and offload some of the risk and the associated costs.
Below are some general cost guidelines for a merchant that chooses to travel the PCI compliance path on its own. Keep in mind that these figures are general guidelines and can vary greatly with the size and scope of the network environment; for large universities the costs can be significantly higher. (These figures are taken from a recent Gartner study. For more information visit www.gartner.com.)
There Are Three Cost Components to PCI:
- Initial scope – The initial audit that determines which systems are in scope and where the gaps against the standard exist.
- Becoming compliant – The cost of the technology and changes required to close the gaps found during initial scoping.
- Annual cost – The recurring cost of remaining PCI compliant (reassessment, scanning, monitoring, and maintenance).
Costs vary depending on the merchant's level, which is determined by annual transaction volume. Under what level do most colleges and universities fall? See PCI Compliance: What level is my college or university?
Level 1 Merchant:
- Initial scope - $250,000
- Becoming compliant - $550,000
- Annual cost - $250,000
Level 2 Merchant:
- Initial scope - $125,000
- Becoming compliant - $260,000
- Annual cost - $100,000
Level 3 and 4 Merchants:
- Initial scope - $50,000
- Becoming compliant - $81,000
- Annual cost - $35,000
Compliance is Cheaper Than Non-Compliance
There are other factors to consider as well, namely the cost of non-compliance.
- A merchant found to be non-compliant can be fined up to $25,000 per month.
- A non-compliant merchant that suffers a breach is exposed to far larger fines, in some cases running into the millions of dollars.
- Breach costs have been estimated at between $100 and $300 per breached record, so the total scales directly with the number of card records exposed.
- The cost of damage to your institution's reputation is difficult to quantify, but it is real.
Final Considerations (And The Good News)
PCI compliance will not get simpler; it will only get more complex. The PCI Security Standards Council releases a new version of the PCI DSS roughly every two to three years, and each version adds requirements beyond the previous one. Not surprisingly, the average cost of compliance rises with each PCI DSS release: there are recurring audits, new or additional hardware and controls needed to meet the updated requirements, and so on.
But here is the good news. Colleges and universities can work with NBS to significantly mitigate and offload PCI compliance risk. As a PCI Level 1 compliant service provider to higher education, our job is to take the overwhelming challenge of PCI compliance and make it manageable for the institutions we serve.
By working with an approved vendor like NBS, your institution no longer stores, processes, or transmits card data itself. NBS handles that for you in our PCI Level 1 secure payment processing environment. This significantly reduces the PCI scope of your college or university (the institution still validates its remaining, much smaller scope each year) and helps ensure that your customers', that is, your students', sensitive payment information is secure.