A Breach is Costly in Many Ways

Data breaches are costly for retailers of any size, and in many ways. The most obvious losses are financial in nature. The cost of a data breach for a Level 4 merchant (i.e., one with fewer than 1 million card transactions annually) averages $36,000 and can reach or exceed $50,000. If your business were to suffer a breach, your actual cost would be determined by factors such as:

  • Notification of customers – Most states require that the state attorney general as well as customers be notified if their financial information may have been compromised in a data breach. Depending on the number of customers and their locations, the process of sending notifications may cost thousands of dollars.
  • Credit monitoring for affected customers – You may be required to provide up to a year’s worth of credit monitoring services to customers affected by your breach.
  • A mandatory forensic examination – The regulations of PCI DSS require that a merchant that is even suspected of having a data breach undergo a forensic examination to determine if a breach has actually occurred and, if so, to what extent. This examination can last several days and may require the shutdown of your POS during that time.
  • Card replacement costs – Card issuers may require that you pay the cost of reissuing debit and credit cards of those customers whose data has been compromised. These fees can range from $3 to $10 per card.
  • PCI compliance fines – The card associations may levy fines against your business, depending on the nature of the offense that led to the breach, and whether or not the cards have been used in actual fraud cases. Such fines for small merchants can range from $5,000 to $50,000 or more.
  • Liability for fraud charges – Many merchants assume they have no liability for the fraudulent use of payment cards after a data breach. This is not necessarily the case; lawsuits may impose liability on your business under certain circumstances. Your business insurance would not necessarily cover this type of liability (check with your insurance provider to determine exact coverage limitations).

Find out more in Why You Should Care about Payment Security.