Businesses paying big money to become PCI Compliant

Posted on Tuesday, October 09, 2007

UPDATE: I've updated my previous post on this topic so it now has all of the information below and more.

As a follow-up to a post I wrote earlier this week about the cost of PCI Compliance, I read an article in the Wall Street Journal that had some good data about what businesses are spending to become compliant. The authors profiled Guitar Center, a company that has 210 stores nationwide. The company was cited as having spent nearly $500,000 purchasing monitoring software, security tokens, and wireless security software. I'm sure that there are other technologies they purchased that were not mentioned. They also reported estimates from Gartner that the average Level 1 merchant, who by definition processes more than 6 million card transactions annually, spent on average $568,000 on technologies needed to become PCI compliant.

This year alone the spend among the largest companies to become compliant will be in the range of $400 to $500 million. Level 2 merchants, those that process between 1 million and six million transactions annually, were estimated to have spent $267,000 on technology to become compliant. Keep in mind that these figures only include technology costs and not the time and effort of researching and implementing the solutions. They also exclude the opportunity costs of having the same people working on other company money-making initiatives.


This work is licensed under a Creative Commons License.