Questions about compliance and possible fines due to a compromise should be addressed directly to the payment card brands and/or acquirers.
Article Number 1037
How do I contact the payment card brands?
Are compliance certificates recognized for PCI DSS validation?
If a merchant or service provider has internal corporate credit cards used by employees for company purchases like travel or office supplies, are these corporate cards considered ‘in scope’ for PCI DSS?
Do shared hosting providers need to comply with PCI DSS?
Can an entity be PCI DSS compliant if they have performed quarterly scans, but do not have four “passing” scans?