Sixty Seconds Of Privacy: Developments In PCI Enforcement

Thelen LLP

Contributor

Welcome to Sixty Seconds of Privacy, an e-newsletter brought to you by the Privacy and Data Security practice group at Thelen Reid Brown Raysman & Steiner LLP.
United States Finance and Banking

Each edition of this e-newsletter addresses one interesting legal development in the area of privacy and data security, in a brief "question and answer" format. Each edition is intended to be read in about a minute, yet will update you on an important development. We pick the topics for this e-newsletter based on what our clients are concerned about. You are welcome to submit your questions or suggestions to us, and you may find your sixty second answer in an upcoming edition.

Question: I hear that Visa has allocated over $20 million to offer financial incentives for merchants, banks and their service providers to comply with the Payment Card Industry's data security standards (the "PCI standards"). Can my company take advantage of these incentives?

Answer: Over the last few years, credit card institutions have enforced the PCI standards by imposing fines on non-compliant merchant banks, and by threatening to revoke merchants' ability to process credit card transactions. Visa issued approximately $4.6 million in fines in 2006, up from $3.4 million in 2005.

In December 2006, with PCI compliance levels still lagging, Visa announced a new approach to encourage companies to comply with the PCI standards: not only will Visa increase the applicable fines for non-compliance, but it will now offer $20 million worth of financial incentives to merchant banks that can demonstrate that their large merchants are in compliance with the PCI standards.

If your company is a merchant bank, you may be able to take advantage of Visa's new incentives program if the merchants for whom you process transactions are compliant with the PCI standards. You may consider passing through to your merchants a portion of the financial incentives received from Visa as an incentive for their compliance.

If your company is a large merchant, you may be able to take advantage of Visa's new incentives program by leveraging your PCI compliance to negotiate with your merchant bank for lower fees.

In any event, PCI compliance may help avoid security breaches that are publicly embarrassing and costly. Security breaches are said to cost companies an average of $4.8 million per breach, according to an October 2006 Ponemon Institute study. Any company that stores, processes or transmits payment card information is required to comply with the PCI standards, and should evaluate both the disadvantages of non-compliance and the advantages of compliance.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
