The Payment Card Industry’s Data Security Standards (PCI DSS) mandate that all entities transmitting, storing or processing cardholder data must meet certain security criteria to ensure compliance. Noncompliance with these standards can lead to a fine or even a termination of service for the offending organization. There is plenty of information in the public domain on how to ensure compliance. However, for many FinTech start-ups, the real challenge is to ensure compliance while minimizing the cost of compliance.
In the banking industry, multi-billion dollar fines are not unheard of anymore. We live in a decade where large banks actually earmark several billion dollars towards both pre-emptive and reactive regulatory compliance and its associated costs (such as fines and litigation). In fact, the entire RegTech industry exists in order to help companies optimize their regulatory compliance.
When it comes to the payment services industry though, PCI DSS compliance is probably one of the more important, and costly, variables in the regulatory cost equation. The cost of PCI DSS compliance can range from a few thousand dollars a year to several million depending on the size and nature of the business. This cost, like all other business costs, presents a significant barrier that new FinTech start-ups have to contend with if they are to compete toe-to-toe with the established financial service behemoths.
One way they are levelling the playing field is by optimizing their compliance costs.
Cloud services have been a godsend for small start-ups and even medium-sized businesses. Rather than investing scarce resources in significant upfront capex outlays, start-ups can instead tap into cloud services and pay for what they use. Let’s take a brief look at the benefits of using HSM as a Service for PCI compliance:
We continue with the benefits of HSM as a Service for PCI DSS compliance in part 2 of our series. In part 2, we also look at what factors must be taken into consideration when making a choice about opting for HSM as a Service for your PCI DSS compliance.