One year after the deadline, most big merchants still aren't Payment Card Industry compliant.
Ann Bednarz, Network World, July 07, 2006 03:15 PM ET
A full year after the deadline, a majority of large merchants face potential fines because they still aren't in compliance with a data security standard created by major credit card companies including American Express, Discover, MasterCard and Visa.
The Payment Card Industry (PCI) standard lays out requirements for securing networks, protecting cardholder data and auditing security systems regularly. The PCI rules, which went into effect June 30, 2005, prescribe enforcement policies and penalties for noncompliance, depending on the volume of credit card transactions handled.
According to the standard, noncompliant merchants and payment processors can face as much as $500,000 in fines per incident if cardholder data is compromised. In addition, the card associations can revoke noncomplying companies' credit card processing privileges.