News

Smart Card Alliance lays out real cost of data breach

By the end of 2014, the average cost to a business affected by a data breach stood at $5.9 million, the alliance says.

March 25, 2015

To help payments industry stakeholders understand the full effect that a data breach might have on their organization, the Smart Card Alliance has released a new white paper, "The True Cost of Data Breaches in the Payments Industry."

The document is meant to help issuers, merchants, acquirers and processors create the business case for developing a proactive data breach prevention strategy and response plan.

"The impact of a data breach reaches all levels of an organization," said Randy Vanderhoof, executive director of the Smart Card Alliance. "Therefore, an upfront, preventative approach, such as layering EMV chip technology, tokenization and encryption, is an effective way to prevent breaches and reduce costs if a breach does occur." 

Topics addressed in the document include:

• definition of a data breach, clarifying how breaches can occur and what is considered a data breach;
• recent data breach statistics and reported costs;
• definition of both quantifiable and intangible costs of a data breach, including card reissuance, chargebacks, credit monitoring, fraud analysis, legal fees, liability costs, loss of "top-of-wallet" status, lost revenue, penalties, security upgrades; and others; and
• identification of the cost to each stakeholder group, including acquirers, merchants, issuers, cardholders, payment brands, and others.

The paper is available online at no cost.

A separate document, "Technologies for Payment Fraud Prevention: EMV, Encryption and Tokenization," also is available for download.