If you are a business owner, you may have encountered a PCI (Payment Card Industry) compliance or non-compliance fee on your statements. You might wonder why these fees are necessary, how they are calculated, and how they are regulated. On top of everything else you’re doing to run a business successfully—logistics, licensure, taxes—why are you responsible for yet another charge? Below, we’ll review everything you need to know about PCI compliance fees, including how they can help protect you and your customers from fraud.
First things first: what is a PCI fee for merchant services? To put it simply, the Payment Card Industry has established specific data security standards (DSS) that help protect customers’ private financial information. Sensitive information like financial consumer data is in high demand, and unfortunately, data breaches are becoming more and more common. PCI compliance fees ensure that merchants are taking appropriate measures to safeguard the customer data they collect.
PCI compliance fees are regulated by the Payment Card Industry Security Standards Council and are required by most card brand networks. When choosing a payment processing company or ISO (independent sales organization), make sure the company is PCI compliant and upfront about what its compliance standards mean. The best ISO payment processing companies are transparent with merchants about these fees and about the data security measures needed to maintain compliance. Some of these companies also set their own standards for PCI compliance on top of state-level recommendations to ensure data safety.
Get as much information as you can from the payment processing team you’re working with: some vendors pass the fee along directly to the merchant, while others include it as part of a “membership” fee. If it is a separate charge, payment companies will sometimes offer additional compliance services, such as personalized consulting, to help you stay on top of all your requirements. Make sure you ask about these perks! The last thing you want is to be hit with additional charges for being non-compliant.
When you fail to comply with the data security standards, you will likely be charged a PCI non-compliance fee. Compliance issues usually arise when you choose a payment processor that does not meet PCI compliance standards. The fee is simply an incentive to play by the rules and avoid breaches of your customers’ information. Sadly, just paying the fee is not enough and will not exempt you from future charges! You need to find an ISO or payment processing company that offers PCI-compliant processing solutions. Until you do, you could be stuck with PCI non-compliance fees every month. These fees are a waste of precious capital and can be easily avoided!
Also check your merchant account statements to make sure you’re not being charged both a PCI compliance fee and a PCI non-compliance fee for the same period. Processors looking to make extra money can often get away with these charges because they assume merchants won’t notice.
Compliance fees vary widely. Variation occurs because there is a range of services that PCI fees can cover; for example, some processors include the following services when they charge merchants for PCI fees:
- Breach coverage: if there is a data breach involving your customers despite your following all the PCI compliance rules, this insurance will cover the associated costs.
- Security scans: as part of PCI compliance, merchants must conduct a security scan (usually a quarterly requirement). These scans check your card-handling systems for weaknesses that could lead to a breach, and many payment processing services include them in the PCI compliance fee.
- Advisory support: a payment processing company that charges a PCI fee will likely provide advisory or consulting services if any questions or concerns arise.
Depending on which services are covered (or not), the price tag for a PCI compliance fee will vary. In general, look for payment processing services that offer the additional services listed above at no extra charge. These companies have your (and your customers’) best interests in mind, and they usually provide the kind of support you need to maintain PCI compliance and the strongest protection for your data.
The best decision you can make to stay PCI compliant is to choose an ISO payment processing company that you can trust to ensure compliance with PCI requirements. Accredited Interchange is an ISO deeply committed to helping small businesses thrive, offering robust compliance support without sneaky, hidden fees. Our commitment to customer service provides precisely the kind of support you want on board to avoid PCI non-compliance fees and security breaches!