Although, if found to be out of compliance with PCI standards, businesses may be subject to fines by the entity they use to process their card transactions. Furthermore, if your payment system is breached and your customers’ data is stolen, any losses incurred by banks and financial service providers may be passed on to you, such as being charged for card replacement costs, or sued for brand damage.
It is always important to remember that PCI compliance does not guarantee payment security. The PCI Security Standards Council say themselves that their regulations are just the minimum requirements for protecting a business and its customers. There is always room for more steps and security measures to be implemented.