Why Cybersecurity Month is the Right Time to Re-Evaluate Your Payment Data Compliance
October is National Cybersecurity Awareness Month, and it's the ideal time for retailers to revisit their data security practices. Amid ongoing compliance and regulatory changes, retailers need to review the shifts that have taken place and ensure they’ve accurately updated their processes to meet requirements.
One major change came in March as businesses across the country updated their payment data security practices to comply with the new Payment Card Industry Data Security Standard (PCI DSS). This new version created a major shift in payment protection by introducing revised self-assessment questionnaires, stricter cardholder data policies, and updated core requirements. With the risk of monetary and reputational damage, businesses need to ensure they remain compliant and protect their customers’ data.
The Cost of Falling Behind
PCI DSS compliance isn't a one-time task. It’s a continuous process designed to increase consumer protection against cyber threats through a set of 12 requirements. These include using firewalls, installing password protection, and encrypting transmitted cardholder data to reduce the risk of data breaches, fraud, and payment system vulnerabilities.
Although it isn’t mandated by law, failing to comply can result in fines ranging from $20 to $5,000 per month, depending on the severity of the noncompliance or data breach. Additionally, in the event of a breach, businesses can be held liable for reissuing cards, covering fraudulent charges, and paying additional penalties. This comes as the retail industry becomes increasingly vulnerable to cyberattacks and data breaches.
A Growing Threat Landscape
In 2025, the cost of data breaches in the retail sector reached $3.54 million, a nearly 20 percent year-over-year growth since 2023, according to the 2025 Cost of a Data Breach Report from IBM.
These attacks don’t just threaten consumers; they expose retailers to PCI DSS violations, including rising noncompliance fees. These fees are quietly added to merchant statements, appearing as additional monthly charges. On top of the upfront penalties from cyberattacks, they further erode profit margins and make it even harder to stay financially resilient amid growing cyber threats.
Using National Cybersecurity Awareness Month to Take Action
This month offers the perfect reminder to strengthen your payment security. Here are a few ways retailers can take action:
- Reassess PCI DSS 4.0 readiness. Review your self-assessment questionnaires and ensure your policies align with the current standard.
- Audit merchant statements. Identify hidden fees and noncompliance penalties that may be driving up processing costs.
- Implement monitoring guidelines. Use compliant hosting and real-time monitoring tools to detect vulnerabilities early.
- Engage third-party experts. Independent audits can uncover compliance risks and savings opportunities that internal reviews might miss. This approach ensures your business is putting its best foot forward.
Vigilance is a Year-Round Commitment
Businesses should consistently review their payment data practices to familiarize themselves with the terms and regulations driving the processing industry. For those without the time or resources to do so internally, leveraging technological solutions and industry consultants can help ensure ongoing compliance and provide the year-round vigilance needed to stay protected. While October is a timely reminder for retailers to reassess their data protection standards, year-round vigilance is the most proactive way to ensure compliance and safeguard against ever-evolving threats.
Eric Cohen is the CEO of Merchant Advocate, a trusted leader in auditing merchant services.
A veteran of the finance industry, Eric Cohen founded Merchant Advocate in 2006. After his extensive experience in the merchant services industry, he was determined to create a fair value proposition and transparency for merchants with their credit card processors. As the CEO and founder of Merchant Advocate, Eric has helped develop an entirely new industry of advocacy in Merchant Services, and his passion stems from saving merchants over $300MM in excess fees.




