The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment. The security standard consists of 12 requirements that a business needs in order to be PCI compliant. If your company is not compliant then your business may face significant fines, increased transaction fees, and negative publicity.
As part of the security standards there is an annual PCI security audit that determines if your business is compliant or not. Your payment processors and/or credit card companies will be fined for working with a business that is non-compliant. These companies will almost always pass on their fines to your business to recoup their losses from your negligence. These fines are usually anywhere between $5,000 and $10,000 a month for those companies for violating PCI compliance rules. On top of those fines, you will likely lose your relationship with your bank, the credit card companies whose payments you accept, and any other payment processor you use. They won’t want to work with a client who is not PCI compliant.
Penalties vary from processor to processor but the following numbers are the typical penalties you can expect if you are in PCI non-compliance, depending on how long you remain in non-compliance and how much business your company does
- One to Three Months in Non-Compliance– $10,000 a month for high-volume clients/$5,000 a month for low-volume clients
- Four to Six Months in Non-Compliance– $50,000 a month for high-volume clients/$25,000 a month for low-volume clients
- Seven Months and Upward in Non-Compliance-$100,000 a month for high-volume clients/$50,000 a month for low-volume clients
Being PCI compliant can protect you from liability but it does not guarantee that your business will be protected from loss of business and loss of data. Being PCI compliant is like wearing a bicycle helmet, it does not prevent you from crashing but it does protect you from most head injuries.
If you have any questions about PCI Compliance and how it might affect you or your business please feel free to contact Dynamic Solutions Group by phone or email.