Is PCI Compliance Required by Law?

For a business with an online component, the question “is PCI compliance required by law?” may as well boil down to how to make a website safe for business, particularly now that high-volume payment processing is becoming the norm. With people stuck inside, they are buying more goods and services online, which puts pressure on safety procedures to ensure the security of their information.

Whether a business complies with PCI requirements can significantly affect their reputation, even if there are no direct legal consequences. Read on to learn more about what PCI law is and how exactly it can affect a business running an online store during the pandemic and beyond.

Define PCI requirements

PCI requirements are a set of guidelines devoted to encouraging safe procedures to enable customers to conduct transactions securely.

So, to answer the question “is PCI compliance required by law?”: the short answer is that businesses or owners cannot be fined or jailed for failing to comply. However, business owners can be fined by their credit card payment processor for failing to comply, and those who fail to comply can be subject to additional liability in the event of fraud or a data breach.

These guidelines were developed to protect customers using their debit, credit, ACH, echeck, or other eCommerce payment methods online and face-to-face. This means that failure to comply with PCI requirements could make cardholders’ financial information vulnerable to theft or hacking. New standards in law make online businesses responsible for these lapses in security.

So while PCI compliance is not necessarily mandated by statute, businesses could be liable for failing to comply if their customers’ financial information is vulnerable.

How to remain PCI compliant

Firewalls are a good first step toward PCI compliance. Businesses dealing with high-volume payment processing on their sites need the right security measures to protect cardholders’ data. Another step toward remaining PCI compliant is to change default passwords and restrict server access. Default passwords are easy to hack, so generating an original, strong password could be the simplest way to maintain PCI compliance. Restricting server access to key personnel also reduces the chance that passwords could be hacked.

The Takeaway

PCI requirements have been put in place by states to protect consumers from websites with weak security features, so that their information is protected along with them. Is PCI compliance required by law? Technically, the answer is “no.” However, in 2020, businesses can still face devastating potential consequences if they fail to refine their payment processing technology with safety features that protect their customers.

For more information on how to become or remain PCI compliant, or answers to frequently asked questions, or to sign up for a merchant account, visit or call (888) 924-2743.
