PCI DSS non-compliance fees – myth or reality?

  • Team Omega
  • November 1, 2016

“You don’t have to pay fees for non-compliance.”

The above myth is touted by retailers resistant to the Payment Card Industry’s compliance standards. It is a risky belief if put into practice. Retailers need to understand that they are placing their entire company at risk with this way of thinking. Read below to learn why the above myth is misleading.

Actually, you do have to pay fees for non-compliance. It starts out this way. A card company or the merchant bank sends a letter to the retailer requesting an Attestation of Compliance (AOC). If you are a level 1 or level 2 merchant, you are bound to receive this letter at some point. The time given to show this proof is usually just a couple of months or less.

If a retailer has not taken the steps toward compliance recommended by the card companies, there will obviously be nothing to show. A penalty will be imposed, starting at $5,000 per month for a level 2 merchant and at $10,000 per month for a level 1 merchant. The amount increases every three months that the company fails to produce proof of compliance. Furthermore, the card company might revoke a retailer’s right to accept its card. This amounts to retailers voluntarily turning their customers away.

It takes anywhere from 4 to 6 months or more for a retailer to become compliant. The standards of PCI DSS 3.2 are stringent, and depending on what is required in a cardholder data environment, securing a business’s data can even take a year. The best way to not only avoid the penalties but also protect customers’ data is to systematically follow the path of data security recommended by a managed security services provider like Omega ATC.

Build a company culture in which information security is everyone’s job to enforce.

Omega ATC is a recognized Managed Security Services Provider that specializes in retail data security. Contact Omega and together we will make your environment safe and your data secure. When this happens, PCI compliance will fall into place very easily. Data security is the first step toward compliance. Call Ashwin Swamy now — 636-557-7777 x2453 or email ashwin.swamy@omegaatc.com.