SOURCE: Solidcore

January 15, 2008 08:30 ET

Industry Leaders Reveal True Cost of PCI Compliance

Non-Compliant Merchants Can Pay 20 Times More Than Compliant Merchants

NEW YORK, NY--(Marketwire - January 15, 2008) - Today at the National Retail Federation (NRF) Annual Convention, Solidcore® Systems, Inc., Emagined Security, and Fortrex Technologies announced the availability of a new report analyzing the costs of achieving and sustaining compliance with the Payment Card Industry Data Security Standard (PCI-DSS). The report entitled "PCI Compliance Cost Analysis: A Justified Expense" reveals that the cost for merchants and service providers not meeting the PCI requirements can be 20 times greater than the cost of proactively becoming compliant.

Solidcore Systems, Emagined Security and Fortrex Technologies identified three main categories of costs to provide an insider's perspective on the overall costs associated with PCI DSS compliance. The cost categories are described as:

1) Upgrading Payment Systems and Security Infrastructure,

2) Verifying Compliance (Assessments), and

3) Sustaining Compliance.

The report evaluated costs incurred by a Level 1 merchant with 2,000 to 2,500 retail locations, and found that the cost of PCI compliance can be as high as $18 million compared to as much as $250 million for not meeting and sustaining compliance.

Subsequently, Solidcore and Emagined Security also polled 201 IT and compliance professionals and found that more than half (57 percent) of the respondents admitted their organization either experienced or did not know if they had experienced a compliance control deficiency in the last year. This data revealed a lack of attention toward PCI compliance among most merchants and service providers.

"It is no longer enough to simply achieve PCI compliance. Merchants and service providers must sustain continuous compliance for the security of their customers and the integrity of their business," said Bob Vieraitis, vice president of marketing at Solidcore. "While the up-front costs of PCI compliance might initially seem high, following the best-practices of the PCI-DSS is essential to avoiding the detrimental costs linked to a data breach, fines from the credit card companies, and revenue loss tied to a damaged reputation."

The credit card companies divide merchants into various levels based on the number of transactions processed every year. While each level is subject to a different set of compliance activities, the strictest rules and highest costs apply to Level 1 merchants (those processing six million transactions or more annually). Achieving PCI compliance, avoiding fines imposed by the credit card companies, and retaining the privilege to accept credit cards requires merchants and service providers to address approximately 180 individual PCI requirements in 12 categories. Participating merchants must pay for their own PCI compliance assessments, and the incremental cost of compliance depends upon the extent to which a merchant's infrastructure is already in a compliant or near-compliant state.

To obtain a copy of the complete report titled "PCI Compliance Cost Analysis: A Justified Expense," please visit:

About Emagined Security

Emagined Security is the leading professional services provider for Information Security & Compliance solutions. Emagined Security empowers its clients to help them effectively manage IT risk in today's dynamic business environment. With deep industry and domain expertise, a proven track record, and by employing well known and respected individuals from the Information Security community, Emagined Security can scale quickly and efficiently to provide clients with the rapid response required by best-in-class organizations. Emagined Security's commercial clients cover a wide range of U.S. and global Fortune 500 organizations, including the financial services, energy, healthcare, high tech, manufacturing, & insurance industries. Anticipate, protect, react, and deliver. Emagined Security is your partner in information security & compliance. For more information, visit

About Fortrex Technologies

Founded in 1997, Fortrex Technologies, Inc. has been a market leader in providing IT Security, Operational Risk and Compliance solutions for over 500 customers in various industry sectors. The Fortrex mission is to be our clients' long-term, trusted security advisor by ensuring the confidentiality, integrity, and availability of their data and systems through the provision of world-class, enterprise-wide information security services and solutions. At Fortrex, we believe that our unique differentiator is the team of individuals who are committed to a set of corporate values. These values, Integrity, Excellence, Empowerment, Teamwork and Thankfulness, are the foundation of all Fortrex relationships, including those with our employees, customers and vendors. For more information, visit

About Solidcore Systems

Solidcore is a leading provider of real-time change and configuration control software. Organizations worldwide trust Solidcore to assure compliance with the Payment Card Industry (PCI) and Sarbanes-Oxley (SOX) standards, to improve service availability, and achieve faster returns on ITIL and IT service management initiatives. Solidcore's S3 Control software helps organizations by tracking changes to their critical infrastructure in real-time, determining if the changes are authorized and blocking unauthorized change. Solidcore is headquartered in Cupertino, California. For more information, visit

Solidcore is a registered trademark of Solidcore Systems, Inc. in the United States and other countries. Solidcore S3 Control is a trademark of Solidcore Systems, Inc. All other product names, trademarks, and service marks mentioned herein are the property of their respective owners.

Contact Information

  • Media Contact:
    Tony Thompson
    Solidcore Systems, Inc.
    +1 (408) 387-8444