Penalties for PCI non-compliance
Fines can be levied by payment card brands of up to $500,000 per incident for security breaches when merchants are not PCI compliant.
In addition, it is required that all individuals whose information is believed to have been compromised must be notified in writing to be on alert for fraudulent charges. As such, the potential cost of a security breach can far exceed $500,000 when the cost of customer notification and recovery is calculated.