PCI compliance is not a government law, but it is a contractual requirement enforced by credit card companies like Visa, Mastercard, and others. If your store accepts credit card payments, you are required to follow the Payment Card Industry Data Security Standard (PCI DSS). Failure to comply can result in fines, higher processing fees, loss of the ability to accept cards, and liability if a data breach occurs.