If I’m not compliant, what may happen to me and my business?
You may be liable for non-compliance fines if you do not work towards compliance with your acquirer and ultimately your acquirer may be forced to terminate your relationship, which will prevent you from accepting payments by card.
Your customers’ data may be at risk of compromise and subject to fraudulent use. Fraudsters target the weak links in the payment chain to steal payment data (card numbers and card security codes) and customers’ personal information (names, addresses, phone numbers, email addresses, dates of birth, etc.) for the purpose of committing fraud.
If your environment is identified as a Common Point of Purchase (CPP) for fraud (that is, if you are suspected of having suffered a data compromise), you will be required to engage a PCI Forensic Investigator (PFI) to establish the source of the breach and ensure any compliance gaps are closed.
The cost of a forensic investigation can run into thousands of pounds. You will be liable for these costs if evidence of a compromise is established.
There are considerable Card Scheme fines associated with non-compliance following a data compromise; these can range from ten to hundreds of thousands of pounds. Many non-compliant merchants have ceased trading because the fines could not be accommodated. The fines are passed from the Card Scheme to the acquirer and then onto the merchant.
Reputational damage is also a consideration if you are compromised and lose card data, because it may lead to a loss of customer confidence that could seriously affect customers’ willingness to continue doing business with you.