How Much Does It Cost?
How much does it cost not to suppress? If we think about this in the realms of the ICO and the PCI Council, the current legislated fine is for each account data known, for account data that is taken from your environment and then used to transact. For each time you transact, there’s a fine of £200,000 per transaction. This is why losing entire databases of account data that you should never have can cripple a business. You could be into millions of pounds’ worth of fines very, very quickly. As we all know, the fines aren’t against the business; they will be at Director level. It’s the Directors that will be prosecuted for that same theft. Never mind the reputational damage, never mind the bad press, never mind how untrusted you become by a customer for collecting data if you’ve done it wrong.
Guidelines Are Always Changing
The cost really is not relevant at this stage. I think you have to understand what the cost is to the business from not doing these things and just choosing to ignore them. I’m afraid that with the changes to PCI in November, there is now no defence to not being compliant because they’ve been very clear. They’ve specifically listed a contact center, they’ve specifically listed cardholder-not-present and they’ve specifically listed pause and resume not being sufficient to take you out of the scope of risk. I don’t think you can afford not to suppress.
Presented by Mark Kelly – Chief Commercial Officer (CCO) at Key IVR