If merchants and the acquirers servicing them are not hearing an ominous tick, tick, tick, maybe they should. As of Sept. 30, 2007, Visa U.S.A. intends to begin fining acquirers $5,000 per month for each of their level 1 and level 2 merchants who have not complied with the Payment Card Industry (PCI) Data Security Standard.
That's not all. Noncompliant merchants may be assessed fines starting at $25,000 per month. And said merchants also face the prospect of being downgraded one level, meaning they will have to pay more for transaction processing.