Is PCI Compliance law?
PCI compliance is not a law; however, it is an industry requirement and you could face financial repercussions for non-compliance.
What being an "industry requirement" means is that technically, you can lose your ability to accept credit cards should you choose to be non-compliant. This is relatively rare, but the card-associations take compliance very seriously. Should Visa/MasterCard determine that your account is out of compliance, they'll reach out to us, to inform us that if you don't get into compliance, your account will be shut down! Naturally, we don't want that to happen.
We'll share, though, it is super rare for the card associations to reach out. In our experience, something would have brought the merchant's PCI status to their attention for this to happen. It could be that a breach is in progress, or even that a customer has complained about the merchant's card acceptance security measures (or lack thereof).
So, should you choose to be non-compliant, you're not at risk of breaking the law. It's the equivalent of violating a terms/conditions of any business, essentially - Visa/MasterCard can simply choose not to work with you if you violate their terms/conditions, which state you're required to be PCI compliant. Obviously, most businesses want to accept major credit cards, so this threat is one to be taken seriously! We highly recommend compliance for all AND clients, and will gladly assist your business in getting things right.
We're serious about saving money.
AND is dedicated to getting your processing rates as close to zero as possible. We utilize membership pricing along with cash discounting and surcharging programs to maximize savings. Let our analysts review your statements and see how much money we can put back in your pockets.