Penalties for failure to comply with the PCI requirements, failure to rectify a security issue, or failure to report a compromise are severe:

  • Possible restrictions on the merchant, including but not limited to: 
    • Closure of merchant account
    • With holding current funds due or suspension of rolling reserve
    • Permanent prohibition of the merchant’s participation in card association programs (known as the "MATCH list" 
  • Fines of up to $500,000 per incident
  • Violation of applicable federal or state laws
  • Fraud losses perpetrated using the account numbers associated with the compromise (from date of compromise forward)