Trend | Privacy and HIPAA

Consequences of PCI Noncompliance


Healthcare finance leaders should understand that the consequences of noncompliance with the PCI standards for security of credit card information can be severe.

The Payment Card Industry (PCI) Security Standards Council offers a brief description of how extensive the consequences from noncompliance with its standards can be in terms of fines levied by banks and credit card companies, and of the consequences of data breaches that might occur even if a company is 100 percent PCI compliant. The council notes that fines incurred from noncompliance with PCI standards can range from $5,000 to $500,000.

The council offers the example of Visa, which uses a time-cost table that levies fines based on the category of the noncompliance (i.e., Level 1 or Level 2) and its duration. For example, Level 1 noncompliance occurring for three months or less would incur a fine of $10,000 monthly, whereas Level 2 noncompliance for the same period would incur a fine of $5,000 monthly. At the highest level, where Level 1 noncompliance persists for seven months or more, the fines would amount to $100,000 monthly.

The council also lists the possible consequences to a company from a cardholder breach that occurs despite the company’s being 100 percent compliant with the PCI standards. For example, under such circumstances, the company could be subject to a $50 to $90 fine per compromised cardholder record; a damaged reputation among customers, suppliers, and partners; possible civil litigation from customers who experienced the breach; and a loss of customer trust that affects future sales.
