When Merchants sign a deal by using a payment processor, they agree to be subject matter to fines should they fail to take care of PCI DSS compliance. PCI compliance is split into 4 concentrations, based on the once-a-year number of credit score or debit card transactions a company processes. https://www.nathanlabsadvisory.com/blog/tag/security-culture/