We are aware that where a merchant is not compliant with PCI DSS, the Card Brands can impose fines on Acquiring Bank, and the Bank may pass the fines on to the merchant. If the merchant remains non-compliant, then fines will continue to be applied.

Is there a standard frequency for repeat fines ? Monthly ? Quarterly ? Or is it at the discretion of the Card Brand ?

Fines will be imposed monthly and you should have received a letter from your acquiring bank with this information. Fines differ between Level 1 and Level 2 merchants. You can find information about the fines here (http://datasecurity.wordpress.com/2007/01/21/non-compliance-fines/) and here (http://pcianswers.com/2007/02/06/non-compliance-fees-growing/).

This information is only for merchants in the USA. If you want information about penalties within your region you should contact your acquirer or regional card brand.