PCI DSS: Why it pays to comply