Jan 31, 2019

PCI Compliance Penalties: What are They, and When Do They Happen?

Category: Cyber

Mobile payments are becoming more and more commonplace in consumer transactions. Organizations that store, process or transmit credit or debit card information have to comply with a set of rules and standards known as the Payment Card Industry Data Security Standard (PCI DSS). The standard is aimed at preventing costly data breaches and holding companies that handle card data to a higher security benchmark.

Square, the popular mobile payment app founded by Twitter’s Jack Dorsey, is creating new payment options that comply with PCI DSS rules. Though PCI DSS is an industry standard enforced through contracts with the card brands rather than a law, failing to comply with it can still result in harsh fines and penalties for businesses. Here is a better way to understand what those penalties are and when they happen.

Non-Compliant Merchants Are Penalized by Their Banks

Because fees and fines can add up quickly throughout this process, it is worth knowing that investing in cyber insurance beforehand, such as with Tangram Insurance, can mitigate some of the major costs. Cyber insurance offered by Tangram Insurance can cover costs related to non-compliance issues under PCI rules.

If a merchant suffers a data breach and is then found to be non-compliant with PCI rules, it can be fined, which only compounds the damage. Depending on the circumstances of the breach, fines can range anywhere between $5,000 and $100,000 per month until the company resolves all of its compliance issues. The merchant’s ability to accept cards as a form of payment may even be revoked until it is in full compliance.

Merchants are fined through their acquiring bank. The card brands assess the fine on the acquirer, which then passes the loss on to the merchant that was found non-compliant. Because acquiring banks bear the load of responsibility for their merchants’ security efforts, they have flexibility in how they set and enforce their PCI policies.

With this in mind, it is good to know that acquiring banks determine how a merchant must demonstrate compliance. Because compliance is enforced through the acquirer’s merchant agreement rather than by a government regulator, each acquiring bank can decide how it wants to verify a merchant’s compliance and how it penalizes non-compliance.

Merchants may either demonstrate compliance by working through a self-reporting checklist (a PCI Self-Assessment Questionnaire, or SAQ) on their own, or they may commission a full, top-to-bottom on-site assessment by a third-party security expert, such as a Qualified Security Assessor (QSA), which results in a Report on Compliance. Which option is required typically depends on the merchant’s annual card transaction volume.

PCI Compliance Rules Are Useful

These rules can genuinely help companies understand what they need to do to protect card data. It is normal for business owners and individual merchants to see the rules as frustrating, but complying with PCI DSS can in fact save them a great deal in the long run by reducing both the likelihood and the cost of a data breach.

About Tangram Insurance Services

Located across the Golden Gate Bridge, just outside of San Francisco, Tangram is a full-service Managing General Underwriter and Program Manager offering specialty programs. We focus on industry-relevant coverage, competitive pricing, and practical business and risk management solutions for your clients. Since we are not all things to all people, we make sure to create outstanding custom-built solutions that matter to those businesses, and the brokers who serve those industries. Contact us at (888) 744-9810.