Your merchants and service providers may refuse to process your company's credit card payments, they can fine you, and if you have an infringement, they may require you to do more than basic PCI DSS compliance. Since payment cards are the highest-cost method of accepting payments for the company, compliance is not optional. You (and your company) committed to it by signing the contract.

«PCI COMPLIANCE: Contractor ensures that the software and services used to process transactions are in possession of the university's customer data during the term of the contract and/or during the contract holder, in accordance with the standards established by the Payment Card Industry (PCI) Security Standards Council. If a third party is applied, the application is listed as PA-DSS compliant at the time of implementation by the university. The cardholder acknowledges and accepts that it is responsible for the security of all data relating to the cardholder. The contractor agrees to compensate the university, its executives, employees and agents for claims, means, judgments, assessments, costs (including reasonable legal fees) and expenses arising from or related to the loss of university credit cards or identity information managed or retained by the contractor, including, but not limited to, the fraudulent or unauthorized use of these credit cards or identity cards. The holder must provide proof of compliance with the Payment Card Industry Data Security Standard (DSS) upon written request within 10 business days of the application. Regardless of the written application, the contractor makes available once a year the appropriate Certificate of Compliance (AOC) which can be found on the PCI SSC website. The contractor accepts that, notwithstanding the contrary provisions of the contract or addendum, the university can terminate the contract without delay and without penalty if the holder does not maintain compliance with the PCI DSS or maintains the confidentiality of the cardholder's data.»

So what's the worst thing that could happen if your company broke compliance? While some states do not apply PCI DSS compliance, the contract requires your company to apply PCI DSS standards, and there are consequences for breach of contract. While you are not breaking the law by violating your contract, your company could lose its partnership with PCI DSS. As mentioned in our first point, individual payment systems engage through PCI contractual channels or enter into agreements with payment card processing service providers (if they do not choose to take on the cost of storing, processing or transmitting the card owner's data themselves).