What if I am not PCI compliant?

Enforcement of compliance is done by the bodies holding relationships with the in-scope organisations. Thus, for organisations processing Visa or Mastercard transactions, compliance is enforced by the organisation’s acquirer, while organisations handling American Express transactions will deal directly with American Express for the purposes of compliance. In the case of third party suppliers such as hosting companies who have business relationships with in-scope organisations, enforcement of compliance falls to the in-scope company, as neither the acquirers nor the card brands will have appropriate contractual relationships in place to mandate compliance. Non-compliant companies who maintain a relationship with one or more of the card brands, either directly or through an acquirer risk losing their ability to process credit card payments and being audited and/or fined.