The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements for businesses that process payment cards. PCI compliance standards for merchants apply to any business that holds a Merchant ID (MID) and accepts, transmits or stores cardholder data, regardless of its size or transaction volume.
The Payment Card Industry Security Standards Council (PCI SSC), created by the major payment card brands in 2006, manages the ongoing evolution of the standard with the goal of improving account security throughout the transaction process. All PCI DSS requirements are administered and maintained by the PCI SSC (www.pcisecuritystandards.org); enforcement, however, is the responsibility of the individual payment brands.
PCI compliance standards for merchants are enforced through penalties for noncompliance. Depending on the situation, the payment brands can impose fines on acquiring banks for noncompliance violations. The banks will most likely pass these fines on to the merchant, and may also terminate the relationship or increase transaction fees. Although penalties are not widely publicized, fines can range from $5,000 to $100,000 and can be catastrophic for a small business. It is therefore important for any business with a merchant ID to be familiar with the PCI DSS requirements and with the terms of its merchant account agreement.