From an article originally on www.focusonpci.com
Note: This page is no longer available.
PCI NONCOMPLIANT CONSEQUENCES
Noncompliance Fines - The consequences of not being PCI compliant range
from $5,000 to $500,000 in fines, levied by banks and credit card institutions.
Banks may fine a merchant to recover the cost of the forensic investigation they must
perform to remediate the noncompliance. Credit card institutions may levy fines as a
penalty for noncompliance and set a timeline of escalating fines. The following table is
an example of the time-cost schedule Visa uses.
Months noncompliant | Level 1 merchants | Level 2 merchants
1 to 3 | $10,000 monthly | $5,000 monthly
4 to 6 | $50,000 monthly | $25,000 monthly
7 or more | $100,000 monthly | $50,000 monthly
Breach Consequences - Even if a company is 100% PCI compliant and validated,
a breach of cardholder data may still occur. Cardholder data breaches can result
in the following losses for a merchant:
$50 to $90 fine per compromised cardholder record.
Suspension of credit card acceptance by the merchant's provider.
Loss of reputation with customers, suppliers, and partners.
Possible civil litigation from affected customers.
Loss of customer trust, which affects future sales.