Fines For Non-Compliance

A company that wants to participate in the card acceptance programs of the five major card brands (MasterCard, American Express, VISA, JCB and Discover) is expected to demonstrate that it is actively working towards compliance with the PCI security standard (the Payment Card Industry Data Security Standard, PCI DSS).

Failure to work towards compliance results in fines for every month the merchant remains non-compliant.  The card brands levy these fines on the merchant's acquiring bank, which in practice passes them on to the merchant.  Merchants processing large volumes of card transactions, over 6 million per year, are known as Level 1 Merchants and face fines of USD$25,000 per month.  For the smaller Level 2 Merchants (1 to 6 million card transactions per year) and Level 3 Merchants (20,000 to 1 million card transactions per year) the fine is USD$5,000 per month.

Merchants with card transactions below 20,000 per year are classified as Level 4 merchants and are also expected to move towards compliance, but are not subject to fines.

As part of the compliance process, merchants are assessed to determine how closely their current infrastructure complies with the standard.  Any gaps in compliance must be closed urgently; failure to address them leads to escalating penalties, as listed below:

Level 1 & 2 Merchants

  • First Violation – Assessment Amount: Up to USD$25,000
  • Second Violation – Assessment Amount: Up to USD$50,000
  • Third Violation – Assessment Amount: Up to USD$100,000
  • Fourth Violation – Assessment Amount: Up to USD$200,000

Level 3 Merchants

  • First Violation – Assessment Amount: Up to USD$10,000
  • Second Violation – Assessment Amount: Up to USD$20,000
  • Third Violation – Assessment Amount: Up to USD$40,000
  • Fourth Violation – Assessment Amount: Up to USD$80,000