Retailers that fail Payment Card Industry Data Security Standard (PCI DSS) assessments can be fined up to $500,000. Additional penalties can range from increased assessment requirements to retraction of credit card processing privileges. Generally, retailers that process over 20,000 credit card transactions per year must fill out an annual self-assessment and conduct quarterly network scans by an approved vendor. Retailers that process over 6 million credit card transactions per year are also subject to annual on-site assessments. While on the surface the PCI standard seems straight forward, upon deeper inspection in preparation for an on-site assessment, compliance can become more complicated.