
I do not understand the fine structure for PCI DSS, can this be explained?

The fine structure falls into two categories: non-compliance fines and data compromise fines.

Non-compliance

The PCI DSS compliance deadline has passed for all merchants.

Fines may be applied for lack of progress towards PCI DSS compliance or for storing Sensitive Authentication Data (SAD) after authorisation, which PCI DSS prohibits. These fines can be levied every month, and the amount escalates if the associated deadlines are missed.


Account Data Compromise (ADC)

Fines will be levied in all cases where a merchant is the subject of a security breach and, upon investigation, is found to be non-compliant. The average fines levied on a small merchant total around £15,000, payable on top of any forensic investigation and remediation costs.

Note that the two categories are cumulative: a merchant that is breached and found to be non-compliant will incur compromise fines in addition to any non-compliance fines that have already been levied.

It is Barclaycard's policy to pass on any fines levied by the card schemes to merchants.

If, however, a merchant is the subject of a data compromise and an investigation carried out by a Qualified Security Assessor (QSA) finds that the merchant was compliant at the time of the compromise, the merchant benefits from what is called "safe harbour" from fines. It is important to reiterate that for a merchant to be compliant, all of the third parties that store, process or transmit cardholder data on its behalf must also be compliant.

For more information please email PCI.TaskForce@barclaycard.co.uk
