Every merchant who takes credit cards needs to be PCI compliant. They need to understand what PCI compliance means too and they need to understand the true cost of compliance and that of non-compliance.
Let's talk about the cost of non-compliance first. There is zero day-to-day cost in being non-compliant. For a small business, this can be very appealing. It does not cost a single penny to do things the same way a merchant has been doing things for years. Those vendors who are required to scan their websites and do a self-assessment are often fined up to $20 a month if they are out of compliance by their merchant vendor.