Branden Williams noted last week that MasterCard has entered the world of fining merchants that do not comply with the PCI DSS standard (3.1.2.2 Noncompliance Assessments).  This should signal nothing more than the wave of security gaining momentum as more and more card brands gather behind the concept of securing electronic payments.

Branden has the breakdown here, along with a comparison of Visa vs MasterCard fines.  End result? MasterCard fines more than Visa according to his blog post.

Visa's Compliance Acceleration Program (CAP) fines are as follows:
* Level 1 Merchant: $25K/mo ($300K/yr) plus tiered merchants bumping down one tier (total $$$ unknown)
* Level 2 Merchant: $5K/mo ($60K/yr)

My understanding (though there appears to be some question about this) is that MasterCard's fines are assessed quarterly, escalating each quarter until the merchant is compliant[1]:
* Level 1 & 2: $25K, $50K, $100K, $200K ($375K/yr)
* Level 3: $10K, $20K, $40K, $80K ($150K/yr)

StorefrontBacktalk has more information here.

I don’t think this would even be on the table unless we had reached critical mass.  By all accounts, greater than 50% of merchants have taken measures to secure their payment-card transactions.  This means the card brands are standing on firm ground when they roll out fine structures that impact the stragglers who have resisted implementing sound security practices.