What are the consequences for merchants if they are not PCI DSS compliant?
PCI-DSS compliance can be difficult and time consuming to accomplish without the right guidance or help provided to you and your business. The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards that help keep you and your business safe from a breach in the system, which could be costly. Being PCI compliant not only gives peace of mind but it makes your business stronger and more secure. Trying to attempt the complicated process on your own can, in some cases, steer a business down the path of being PCI Non-Compliant. This leaves your company and clients at risk in multiple ways, as this blog will demonstrate. Non-compliance can lead to many different consequences such as monthly penalties, data breaches, legal action, damaged reputation, and even revenue loss.
PCI Non-Compliance: Fines and Negative Consequences
- Monthly Penalties
PCI Non-Compliance can result in penalties ranging from $5,000 to $100,000 per month by the Credit Card Companies (Visa, MasterCard, Discover, AMEX). Penalties depend on the volume of clients and transactions; these volumes can help to determine what level of PCI DSS compliance a company should be on.
Example: A level-1 company that has not met its PCI DSS requirements for over 7 months can be fined up to $100,000 per month.
- Data Breaches
PCI DSS Compliance does not prevent data breaches; companies that meet PCI DSS requirements can suffer attacks and data loss. If a company is compliant and suffers a data breach, it can still be responsible for paying penalties. However, the card brands may significantly lower or eliminate fines if the company in question has taken all the necessary steps to be PCI DSS compliant.
- Average cost of a breach is $150 per record, according to the Ponemon Institute's 2019 "Cost of a Data Breach" report;
- Costs of card replacement or issuing, between $3 to $10 per card;
- Increased rates charged by banks and/or processors
- Termination of Merchant Relationship with the credit card brands;
- Lawsuit by the clients whose information has been breached;
- Security costs related to mandatory credit monitoring for customers whose data was compromised, identity theft repair, etc;
- Costs of the forensic investigation in order to determine the causes of the data breach.
- Legal Action
Lawsuits against your company can be a common outcome. In 2007, TJX Companies (best known as the holder of Marshalls and T.J. Maxx) had to pay $40.9 million for a data breach which put an estimated 100 million bank cards at risk. In 2014, 1.1 million clients of Neiman Marcus were affected by another data breach.
- Damaged Reputation
Putting clients’ bank card information at risk can result in irreversible damage to a company’s reputation; this is in addition to any of the elevated costs that would be incurred by the organization. Once your security has been endangered, it will be very difficult for your clients to start trusting you again.
- Revenue Loss
In addition to loss of brand reputation, a merchant can expect their revenue to drop drastically due to the loss of clients followed by a security breach. In 2013, Target was sentenced to $18.4 million for a data breach that affected more than 41 million customers. This led the merchant to a $440-million-loss of revenue in the first quarter following the breach.
Clearly, it is vitally important for merchants to maintain PCI Compliance and avoid the fees and costs associated with non-compliance. Each credit card processing and payment solutions company can set their own rates and fees so the costs to maintaining PCI Compliance will vary depending on your current payment processing solutions and provider. You can read more about all of the costs associated with PCI Compliance on our previous blog here.
There is a lot of complexity to preparing and maintaining PCI Compliance. The average merchant should not try to do it all alone. Our REPAY team will help you develop a plan for your business to maintain PCI Compliance today and every day. Learn how to get ahead of the curve with PCI Compliance and download our free Merchant’s Guide to PCI Compliance.
In this guide, we will cover the following PCI Compliance topics:
- What is PCI?
- What are the Penalties for PCI Non-compliance?
- How to Get Ahead on PCI Compliance Anytime with these 10 Steps
- PCI Compliance Checklist
- Getting Help
- Next Steps
Our transparent and fair policies around PCI Compliance enable our merchants to achieve PCI Compliant status as quickly and cost-effectively as possible. Contact REPAY today and learn how we can help your company with PCI Compliance and streamline your credit card payment processing.