Many providers proudly advertise their service as PCI compliant. So what’s with the PCI fees that crop up on your monthly processing bill? Here’s how PCI fees work — and how you can avoid them.
Payment card industry (PCI) compliance comprises a set of standards that help maintain the security of credit card transactions. These standards are developed and regulated by the PCI Security Standards Council — a council founded in 2006 by American Express, Discover, JCB International, Mastercard and Visa Inc.
The standards maintain the security of credit card networks and protect sensitive cardholder data. A provider that meets the council’s standards — a set of 90 key and base requirements alongside 400 test procedures — is considered PCI compliant.
A PCI compliance fee is a payment processing fee — typically charged in return for PCI compliance services. But payment processing providers tend to handle this fee differently.
Some don’t charge PCI compliance fees and don’t provide PCI compliance services. Others charge the fee and offer compliance services. Others still charge the fee and don’t provide a service — an unsavory business practice that leaves you responsible for PCI compliance while tacking on an ambiguous fee for nothing.
Most providers that charge the fee do offer some degree of service, including security scans, data breach insurance and educational resources on PCI compliance to help you understand how to keep your business safe.
Why am I being charged this fee?
Payment processors charge PCI compliance fees to help cover the costs of keeping onboarded merchants PCI compliant. These standards are mandated by credit card issuers and help regulate credit card security, so it’s something all businesses, regardless of size or industry, must deal with.
Your payment processor charges you a PCI noncompliance fee for failing to keep your business PCI compliant.
Why am I being charged this fee?
The most common reason a business is hit with a PCI noncompliance fee is failing to complete the annual Self-Assessment Questionnaire (SAQ).
SAQs are drafted by the PCI Security Standards Council and require you to disclose information about how your business processes payments. Some processors help you fill out the form or will even complete it on your behalf. Guidelines and forms can also be found on the PCI Security Standards Council’s website. Businesses are considered non-compliant if they fail to complete the form or fail to answer all questions in the SAQ affirmatively.
Many providers charge PCI fees in some form or another. Some charge PCI compliance fees, but no PCI noncompliance fees — and vice versa. There are a handful of providers that don’t charge any PCI fees at all, including Chase Merchant Services and Stripe.
- PCI compliance fees are charged monthly or annually. Monthly fees typically range from $4.99 to $19.95, while annual fees tend to fall between $50 and $99.
- PCI non-compliance fees are usually charged monthly and may or may not include a grace period. Fees tend to fall between $10 and $45 for each month your business remains noncompliant.
Whether or not you’re charged PCI fees depends on your payment processing provider. While you can typically avoid noncompliance fees by completing your annual Self-Assessment Questionnaire, PCI fees are at the discretion of your provider.
If you’re interested in a provider that charges no PCI compliance or noncompliance fees, check out Chase Merchant Services or Stripe.
How to tell if you’re being charged PCI fees
PCI fees are sometimes called security or regulatory fees. But more often than not, the fee will be clearly identified on your processing bill. There are a few different ways it can appear, but the PCI designation makes it easy to identify:
- PCI fee
- PCI validation fee
- PCI non-compliance fee
If you’re being charged more fees than you’re comfortable with, compare your processing options to get the best deal.
PCI fees are prevalent in the processing industry, but far from mandatory. Explore your payment processing options to find a provider that offers the best service for your business.