Website Verification

Learn about how you can make your website secure and safe for your customers

  • Website Verification Poll

  • Mybloglog

    Join My Community at MyBloglog!
  • Check out my website verification online magazine:

  • Add my blog to:

    Add to Technorati Favorites

  • Advertisements


Posted by websiteverification on April 28, 2009

Ok, so we all know about the PCI DSS (Payment Card Industry Data Security Standards) by now. But some of you may be wondering what the PCI DSS fines are if you do not become compliant. The fines can be pretty steep as I will explain below, but not only will you risk huge fines if you aren’t compliant, you are putting your security system and customer information at risk.

All businesses who store, transmit or process credit card data are required to follow the PCI DSS, and should have become PCI compliant by the end of 2007. If you are one of these businesses and are not yet compliant, you are constantly at risk of losing sensitive cardholder data, which will most likely result in PCI DSS fines, legal action and bad publicity. Organizations that fail to comply face fines of up to $500,000 if the data is lost or stolen and risk not being allowed to handle cardholder data.

High-status cases concerning big corporations have hit the headlines in the last couple of years. The Payment Card Industry has threatened huge fines against some larger merchants of up to $25,000 per month until compliance is obtained. In the high-profile case of TJX (owner of T.J. Maxx, Marshalls, Home Goods and A.J. Wright retail chains), the company reported spending $202 million because of the PCI violation that compromised the cardholder account information of as many as 40 million customers. The money is being spent to handle more 20 lawsuits brought against it by banks and consumers in the U.S. and Canada and to pay settlements with credit-card associations.

So don’t risk it. If you are not yet PCI compliant get there now. It is not as hard as it may seem, and well worth the time and money you put into it. If you don’t want to risk those pesky PCI DSS fines, you know what to do!


4 Responses to “PCI DSS Fines”

  1. money making with adsense said

    Hey very nice blog!! This was what I needed to know right now.

  2. BS! The credit card company have ZERO legal authority to levy fines on any one or any business. Card Card companies are NOT juries or judges, nor any legal agency.
    All they can do go after the payment card gateway company – a bank. The bank then has the right to go after individual business to recoop costs, expenses and lost business revenues. To be successful, the bank has to prove in a court of law the business was negligent. If you are found guilty, then the SEC can go after you as well.
    Of course, this process takes years and you have do something brashly stupid or criminal.

    However, don’t fear monger. PCI DISS IS NOT A LEGAL BODY!!

  3. JJ said

    > To be successful, the bank has to prove in a court of law the business was negligent.

    Not necessarily true. All card agreements I’ve read include a clause where the merchant agrees to pay all fines from the card brand that were incurred by the bank. The biggest one I know of is Heartland Payment Systems. They’re around 100 million dollars. Their sponsoring bank, KeyBank of Cleveland, has stated in their SEC filings that in the event that Heartland does not pay the fines that the effect could be material on KeyBank. Go read KeyBank’s SEC filings for the past few years.

  4. wordpress business themes,best wordpress business themes,business themes wordpress…

    […]PCI DSS Fines « Website Verification[…]…

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: