Again, Remember that these aren’t “fines” in exactly the same feeling that, say, you’d buy violating some govt regulation or website traffic law; they’re penalties built right into a contract amongst merchants, payment processors, and card brands. The distinction between the different types of SOC audits lies during the scope https://www.nathanlabsadvisory.com/blog/tag/information-security-policy/
