Noncompliance Fines- The consequences of not being PCI compliant range from $5,000 to $500,000 in fines, levied by banks and credit card institutions. Banks may fine based on the forensic research they must perform to remediate the noncompliance. Credit card institutions may levy fines as a punishment for noncompliance and set out a timeline of increasing fines. The following table is an example of a time-cost schedule that Visa uses.
1 to 3
4 to 6
7 and on
Breach Consequences- Even if a company is 100% PCI compliant and validated, a breach of cardholder data may still occur. Cardholder data breaches can result in the following losses for a merchant.
$50-$90 fine per cardholder data compromised
Suspension of credit card acceptance by a merchant’s credit card account provider
Loss of reputation with customers, suppliers, and partners
Possible civil litigation from breached customers
Loss of customer trust, which affects future sales
Calculator- This calculator is provided to give an estimate of the penalties a company may incur if a breach of customer data were to happen. Inputs into this calculation include: discovery and notification, employee opportunity costs, customer opportunity costs, regulatory fines, civil restitutions, audit costs, and other liabilities.