PCI Compliance

  • You are either PCI compliant or not
  • Single control missing = non-compliant
  • Compliance changes from time-to-time
  • Configuration drift no excuse
    • Need documented change management process
    • Continuous monitoring of controls and configuration
Row of 8 padlock images in foreground. 7 are greyed out and unlocked, one orange and locked. business man in suit and tie touching finger to locked padlock.

Non-Compliance

  • Fines range between $5,000 to $100,000 per month
    • 1 – 3 months (of non-compliance) = $5,000 - $10,000 / month
    • 4 – 6 months = $25,000 - $50,000 / month
    • 7+ months = $50,000 - $100,000 /month
  • Risk of losing merchant account = cannot accept credit card payments
  • Terminated merchant list = ineligible from getting another merchant account for several years

Non-Compliant Breach

  • Fined up to $500,000 (by card brands / banks) against merchant
  • Other (governmental) fines (i.e., FCC, HHS, etc…)
  • Class action lawsuit (by customer)
  • Liable for fraudulent payments
  • Cybersecurity insurance companies - Refuse to pay claims
  • Governmental sanctions (i.e., FTC audit)

Potential Liabilities

  • Lost confidence, lost customers 
  • Diminished sales
  • Cost of reissuing new payment cards
  • Fraud losses
  • Higher subsequent costs of compliance
  • Legal costs, settlements and judgments
  • Fines and penalties
  • Termination of ability to accept payment cards
  • Lost jobs (CISO, CIO, CEO and dependent professional positions)
  • Going out of business

Let us help you with PCI compliance

PCI Compliance