The True Cost of Data Breaches in the Payments Industry
Publication Date: March 2015
Data breaches are increasingly impacting businesses across the globe, with the average cost paid by a breached organization reaching $5.9 million at the end of 2014. The white paper, “The True Cost of Data Breaches in the Payments Industry,” provides a resource for payments industry stakeholders to understand the true impact a data breach might have on their organization. By analyzing and understanding the potential costs of a data breach, issuers, merchants, acquirers and processors can create the business case for developing a proactive data breach prevention strategy and for creating breach response plans.
The white paper provides a resource for organizations to better understand the substantial tangible and intangible costs associated with data breaches, and why investing in strong preventive technologies is important. The impact of a data breach reaches all levels of an organization. An upfront, preventative approach, such as layering EMV chip technology, tokenization and encryption, is an effective way to prevent breaches and reduce costs if a breach does occur.
The white paper addresses these key topics:
- Definition of a data breach, clarifying how breaches can occur and what is considered a data breach
- Recent data breach statistics and reported costs
- Definition of both quantifiable and intangible costs that need to be considered when calculating the total cost of a data breach. Some of the potential costs include card reissuance, chargebacks, credit monitoring, fraud analysis, legal fees, liability costs, loss of “top of wallet” status, lost revenue, penalties, security upgrades and others
- Identification of the impact of different costs for each stakeholder group, including acquirers, merchants, issuers, card holders, payment brands and others
About the White Paper
The Smart Card Alliance Payments Council developed this white paper to provide an educational resource on the potential costs that could be incurred during a data breach. Participants involved in the development of this white paper included: ABnote, American Express, Capgemini, CH2M HILL, Chase, CPI Card Group, First Data, Fiserv, Giesecke & Devrient, Heartland Payment Systems, Infineon Technologies, Ingenico, INSIDE Secure, Intelcav, JCB International Credit Card Co., Ltd., NXP Semiconductors, OATH, Oberthur Technologies, OTI America, Tyfone, Verifone, Visa Inc., Wells Fargo.
About the Smart Card Alliance Payments Council
The Smart Card Alliance Payments Council focuses on facilitating the adoption of chip-enabled payments and payment applications in the U.S. through education programs for consumers, merchants, issuers, acquirers/processors, government regulators, mobile telecommunications providers and payments service providers. The group is bringing together payments industry stakeholders, including payments industry leaders, merchants and suppliers, and is working on projects related to implementing EMV, contactless payments, NFC-enabled payments and applications, mobile payments, and chip-enabled e-commerce. The Council’s primary goal is to inform and educate the market about the value of chip-enabled payments in improving the security of the payments infrastructure and in enhancing the value of payments and payment-related applications for industry stakeholders. Council participation is open to any Smart Card Alliance member who wishes to contribute to the Council projects.