The Fines and Penalties for a PCI Breach

Updated: Feb 27


The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements intended to protect payment card data. Meeting those requirements is referred to as PCI compliance. The standard was first published in 2004, and in 2006 the major card brands formed the PCI Security Standards Council (PCI SSC) to maintain and manage it, with the aim of securing cardholder account data throughout the transaction process.


Without PCI compliance, the PII and cardholder data (such as primary account numbers and expiration dates) supplied by consumers is at greater risk of exposure and theft. This harms consumers and can damage a company’s brand by exposing it to a data breach.


The Benefits of PCI Compliance for a Business

PCI compliance is relevant to any business that accepts credit card payments, regardless of the size or volume of those transactions. PCI compliance is generally not a statutory requirement; it is a contractual obligation imposed through your merchant agreement with your acquiring bank and the card brands. If your business suffers a data breach while not in full compliance, you can be subject to significant fines. Adhering to the PCI standards protects both your customers and your business.


Some of the specific benefits of PCI compliance to a business include:

  • It helps ensure that your systems are protected so that your customers can trust you with their sensitive payment card information, enhancing your brand and reputation.

  • The ongoing PCI compliance process helps to prevent security breaches and data theft.

  • Achieving PCI compliance contributes to the worldwide payment card data security effort.

  • Achieving PCI compliance better prepares your company to comply with other regulations and standards, such as SOX, HIPAA and GDPR, since many of the underlying controls (access control, logging, encryption, vulnerability management) overlap.

  • PCI compliance can improve your company’s overall IT infrastructure and data protection strategies.

What are the Penalties Associated with a PCI Breach?

A PCI breach can lead to fines from the card brands, commonly cited as ranging from $5,000 to $100,000 per month. These fines are levied on your acquiring bank, which typically passes them on to you under the merchant agreement. The actual amount depends on your transaction volume and merchant level (which determines the validation your company should have completed), as well as how long the company has been out of compliance.


Even companies that were compliant at their last assessment can suffer a breach, because compliance is validated at a point in time. If your company is the subject of a breach in which cardholder data has been compromised, the following penalties can apply:

  • $50-$90 for each cardholder whose information has been compromised

  • Termination of the relationship with your bank/payment processor

  • Damage to your company’s brand and reputation

  • Potential lawsuits from the customers whose information was breached

Failing to protect your customers’ payment card information not only leads to financial penalties; it can cause lasting damage to your brand’s reputation. Following a PCI breach, it can be very difficult to win back customers’ trust.


How to Handle a PCI Breach

If your company does experience a PCI breach, the implications can be far-reaching. Every US state now has a breach notification law covering personal information (the last two, Alabama and South Dakota, enacted theirs in 2018). Depending on the state and on which data elements were exposed, you may have a notification obligation even if card numbers themselves were not accessed.


After a PCI breach, your best bet is to take responsibility and minimize the impact as far as you can. Address the root cause with a remediation plan that helps ensure it will not happen again, and take steps to protect those whose data was compromised, which could include offering identity protection services to the affected customers.


eLearning for PCI Compliance

If your company accepts credit cards, it is critical that every employee who handles cardholder data understands and follows the PCI standards; PCI DSS itself requires a formal security awareness program for personnel (Requirement 12.6). PCI compliance training helps ensure your business meets the standard, passes its assessments, and prevents data breaches.


In recent years, as online technologies have continued to evolve, eLearning has become a cornerstone of PCI compliance training, offering a more cost-effective and convenient approach to employee training.


LMS Portals provides a cloud-based platform that allows you to launch and manage your own corporate-branded eLearning portal. The system includes powerful supporting tools for online communications, employee onboarding, analysis, and more.


Contact us today to get started for free!
