Thursday September 20, 2018
PCI Discussion Forum

  • Noncompliance Fines- The consequences of not being PCI compliant range from $5,000 to $500,000, levied by banks and credit card institutions. Banks may fine based on the forensic research they must perform to remediate noncompliance. Credit card institutions may levy fines as a punishment for noncompliance and propose a timeline of increasing fines. The following table is an example of a time-cost schedule which Visa uses.

    Months      Level 1             Level 2
    1 to 3      $10,000 monthly     $5,000 monthly
    4 to 6      $50,000 monthly     $25,000 monthly
    7 and on    $100,000 monthly    $50,000 monthly

  • Breach Consequences- Even if a company is 100% PCI compliant and validated, a breach of cardholder data may still occur. Cardholder breaches can result in the following losses for a merchant.
    • $50-$90 fine per cardholder data compromised
    • Suspension of credit card acceptance by a merchant’s credit card account provider
    • Loss of reputation with customers, suppliers, and partners
    • Possible civil litigation from breached customers
    • Loss of customer trust, which affects future sales

  • Calculator- This calculator is provided to give an estimate of the penalties a company may incur if a breach of customer data were to happen. Inputs into this calculation include: discovery and notification, employee opportunity costs, customer opportunity costs, regulatory fines, civil restitutions, audit costs, and other liabilities.
