Why would a merchant want to be “Out-Of-Scope” for PCI DSS?

CFXWorks believes there are pros and cons for being “In-Scope”, as well as “Out-of-Scope”. Here are our observations based on feedback from our users. You may not agree. Please let us know your position.

In-Scope Out-Of-Scope
  • Higher risk associated with a compromise.
  • Lower risk associated with credit card fraud liability.
  • Higher cost associated with a compromise.
  • Lower cost associated with credit card fraud liability.
  • Higher QSA costs.
  • Higher QSA costs.
  • Lower merchant account fees.
  • Higher merchant account fees.
  • The Ponemon Institute 2017 Cost of Data Breach Study reported the average total cost of a data breach for the 419 companies participating in the survey was $3.62 million. The average cost for each lost or stolen record containing sensitive and confidential information was $141. Companies however, in this year’s study experienced larger breaches up by 1.8%.

    With an “In-Scope” you may be betting your business if there is a compromise and you don’t have very deep pockets!

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    This site uses Akismet to reduce spam. Learn how your comment data is processed.