StillSecure have produced the “StillSecure PCI Calculator”, a free online tool designed to help Level 1 through 4 retailers examine, and potentially significantly reduce, the costs and complexities associated with PCI compliance. It is a very interesting approach to calculating the cost of compliance.
From the StillSecure press release:
Gartner issued its Retail Security & Compliance survey 2011, which examined security processes used by organizations subject to PCI, including current level of PCI compliance, spending on PCI compliance, and security threats. Among the key findings, the survey revealed that the cost associated with PCI security and compliance for merchants — excluding the cost of assessors — is an average of $1.7 million over 2.35 years. Over the same time period, Level 1 retailers spent an average of $2.1 million on PCI compliance, with Level 2-4 retailers spending an average of $1.1 million.
Based on the Gartner research, StillSecure claim that by using their PCI Complete security solution, Level 1 merchants would save approximately $750,000, and Levels 2-4 would save over $400,000, over the same period.
“Gartner’s Retail Security & Compliance Survey 2011 data clearly shows that organizations are spending significant amounts to become PCI compliant,” said Avivah Litan, VP Distinguished Analyst, Gartner, Inc. “The data further shows that it’s not easy to become compliant and many retailers may be overwhelmed with the complex and numerous steps involved in the process. In fact, security breaches are common. Our assessment underscores the importance of exploring all available options for compliance and security.”
The Gartner report also tracked overall PCI compliance investments and PCI-related security risks. While 28 percent of respondents believed that their organization had to spend too much money to comply with PCI standards, 43 percent of respondents had experienced at least one type of security incident.
“StillSecure has been intensely focused on helping organizations achieve PCI compliance through our fully managed, independently approved solution, PCI Complete,” said Rajat Bhargava, CEO of StillSecure. “These solutions are certified by one of the world’s most stringent qualified security assessors (QSAs) and include PCI monitoring, scanning, as well as reporting and evidence creation capabilities that will save organizations as much as 30 to 50 percent on PCI compliance and auditing. Our PCI Calculator allows organizations to compare their current PCI compliance expenditures with other merchants of similar size, while also informing them on steps to reduce the costs of compliance.”
Download the PCI Calculator for yourself here; registration is required.