Wednesday, December 27, 2006

PCI Fines - The Teeth of PCI-DSS Compliance

In 2006, Visa levied $4.6 million in fines, up from a 2005 total of $3.4 million.

This new program sets an enforcement date for acquirers to validate PCI compliance for Level 1 and Level 2 merchants. Additionally, Visa is adding new fines to acquirers whose Level 2 merchant customers retain full-track data, CVV2 or PIN data after the transaction authorization.

Specifically for PCI compliance, acquirers will be fined between $5,000 and $25,000 a month for each of their Level 1 and 2 merchants that have not validated by September 30, 2007 and December 31, 2007, respectively. For prohibited data storage, acquirers failing to provide confirmation by March 31, 2007 that their Level 1 and 2 merchants are not storing full-track data, CVV2 or PIN data will be eligible for fines of up to $10,000 a month per merchant, subject to escalation in the event material progress toward compliance is not made in a timely manner.

From Visa

2 Comments:

Blogger g said...

This is helpful information. Do you have any knowledge of where I can get more detailed information on fines based on the requirement? I've looked at pcisecuritystandards.org, but they don't list. Thank you.

11:29 AM  
Blogger dotty said...

It is a great way to get your blog and contents noticed.

.............
Purnima

Wow, check out this site called www.fluc.com. Free SMS and free mobile ads!! It's fantastic

4:07 AM  
