PCI Non-Compliance: What Happens If I Don’t Follow PCI DSS?


PCI DSS is a set of standards that any company accepting payment cards must follow. It’s a set of 12 rules that ensure you’re staying secure and keeping the data you collect safe. PCI non-compliance can be a big problem for businesses worldwide that don’t follow the framework.

What may come as a surprise is that PCI DSS is actually not a very onerous regulation; in fact, most of the requirements are just security best practices anyway. Really, the only inconvenient part is the scanning and reporting, and that can be handled with Sectigo HackerGuardian in a way that really only involves a few clicks of a mouse.

Still, we get asked a lot whether it’s mandatory to comply with PCI DSS and what happens if you don’t. So, here’s what you need to know:

PCI DSS Non-Compliance

To put it simply, you’ll likely get fined and you’ll no longer be able to accept payment cards if you’re not compliant with PCI DSS regulations. This will end your relationship with most creditors and financial institutions, and you’ll end up being one of those off-putting websites that only accepts PayPal and cryptocurrency.

Generally, people look at those websites skeptically.

It’s also going to be hard to get back in the Payment Card Industry’s good graces. Once you’ve demonstrated you’ll shirk compliance, it’s hard to regain that trust.

You may be wondering why it’s so stringent. Really, just think about it for a moment — it makes a lot of sense given the sensitivity of the information you’re processing. Whereas someone’s email and address do constitute personal data, they’re less of an immediate threat than having payment card information stolen. In fact, it’s enough of a threat that if you don’t take adequate steps to protect it, you’ll no longer be trusted to collect it.

This is essential information for you considering that not being able to accept payment cards is going to really hurt your bottom line. Most people don’t use cryptocurrency and a good chunk — including the U.S. president — think it’s made up funny money. And if you flunk PCI DSS, there’s a chance even PayPal won’t want to work with you!

What Are the Actual Penalties for Non-Compliance?

Admittedly, some of the long-term effects of PCI non-compliance are harder to quantify. So, let’s talk dollars and cents. But before we do that, let’s talk about how the PCI DSS penalties are enforced.

There’s no singular body that enforces PCI DSS. While there’s a council consisting of all the major credit companies that determines the PCI DSS compliance requirements, that council doesn’t enforce them. That responsibility falls to the individual credit companies themselves — the key word there being individual.

When you run afoul of PCI DSS, you don’t just face one single PCI non-compliance fee or fine. Oh, no. If you’re non-compliant and you accept three different types of credit card, you could be looking at up to three different PCI non-compliance fines. Talk about a kick to the gut (or, at least, your ledger).

Those fines could be from $5,000 to $100,000 per month, as long as the problem persists. The total amount is based on the severity of the issue and the whims of the credit company.

Oh, and here’s the other thing — they don’t fine you directly. That wouldn’t work because too many companies just wouldn’t pay. Instead, the credit companies fine the merchant’s acquiring bank. Then the bank passes along the fine, potentially along with some additional fees and penalties for making it front the total on your behalf.

As you can see, now things start to add up. Furthermore, they’ll keep adding up by the month until you’re either out of business or finally come around and comply with the rules. And that’s provided they don’t sever ties with you altogether first on account of your lax attitude towards security.

PCI DSS Compliance Made Easy

Look, it’s not that difficult to comply with PCI DSS so long as you have the right scanner. Sectigo HackerGuardian scans your network with over 30,000 tests and produces ready-to-submit reporting each time. It takes the work out of PCI DSS and makes non-compliance into a conscious choice instead.

Plus, nobody sells it cheaper than we do.

Save 67% on PCI Scanning

Get Sectigo HackerGuardian PCI Scanner for only $81.90/year.
