Breached merchants will be penalized by Visa from 5,000 dollars monthly.

​Each and every size of the business that accepts credit and debit cards on-line or in-person needs to be compliant by PCI DSS. As from January 2017 this requirement will be mandatory to the smaller, level 4 merchants as well.  
Business owners need to be aware about the business and financial impact in case of the breach where Visa will be giving a fine of 5,000 dollars monthly until the breach is fixed and the compliance will be achieved. Other card brands would provide with a similar fine in case of the breach and non-compliance.