The card brands and credit card processors can assess significant fines (currently starting at $25,000 for each card type) for failure to comply with the standards and can revoke the University’s ability to accept payment cards if we are breached.
Additionally, the Payment Card Services has the authority and responsibility to deactivate a unit’s credit card merchant account if it is determined that a unit is not in compliance with the University’s credit card policies or if the unit creates significant risk that is not appropriately mitigated. Merchants are required to complete an annual PCI questionnaire to attest to compliance and to notify the PCPC immediately if they are aware that they have become non-compliant at any time. For more information on PCI, please refer to the PCI website.
VISA Core rules – see Chapter 12 – Fees and Non-Compliance Assessments
Mastercard Rules – see chapter 2.1 - Standards and Conduct of Activity
American Express – see Chapter 12.2 4 Merchant Fees-Data Security Fees