Company Reputation and Financial Stability Risks
Company reputation and financial stability risks
The risks associated with storing card data go beyond the regulatory or compliance realm. Considerations also include company reputation and financial stability. Some companies would not be able to survive a data breach.
Other companies, because of their financial strength, could just "write a check" for the damages and rely on marketing or public forgiveness for an unfortunate event. But a data breach isn't something a company wants to experience to find out the goodwill it may have in the eyes of consumers.
Another risk associated with credit card data storage is the investment, proper use and required administration of the technical infrastructure that is protecting the data. Technology changes at a very rapid pace and maintaining up-to-date technology is not a trivial investment a company must make. In a company's risk assessment program, a cost-benefit analysis (CBA) must be conducted to determine the value of the investment required to comply with standards and to properly protect the stored data.
Here is one analogy worth considering. If a homeowner who lives in a high-crime area is known to possess some valuable jewelry, why would they want to install iron bars over their windows and put strong locks on their doors to prevent or reduce the possible exposure to a break-in? That homeowner would possibly be investing more money in securing the house than perhaps is the value of the goods being protected. So, the homeowner might strongly consider using a bank safe-deposit box instead. Or they may even purchase additional insurance coverage to cover the cost of a possible loss. But the insurance coverage would also have to cover the cost of the resulting damage that the house would suffer.