Payment card industry (PCI) compliance means meeting the PCI Data Security Standard (PCI DSS), a set of requirements for protecting cardholder data and the systems that store, process or transmit it. The standard is developed and maintained by the PCI Security Standards Council, a council founded in 2006 by American Express, Discover, JCB International, Mastercard and Visa Inc. The council writes the standard; enforcement is handled by the card brands and acquiring banks, not by the council itself.
The standard is organized into 12 high-level requirements, each broken down into detailed sub-requirements and testing procedures. A merchant or service provider that meets every requirement that applies to it is considered PCI compliant.
What is a PCI compliance fee?
A PCI compliance fee is a payment processing fee — typically charged in return for PCI compliance services. But payment processing providers tend to handle this fee differently.
Some don’t charge PCI compliance fees and don’t provide PCI compliance services. Others charge the fee and offer compliance services. Still others charge the fee and provide no service at all, an unsavory practice that leaves you responsible for PCI compliance while tacking on an ambiguous fee for nothing.
Most providers that charge the fee do offer some degree of service, including security scans, data breach insurance and educational resources on PCI compliance to help you understand how to keep your business safe.
Why am I being charged this fee?
Payment processors charge PCI compliance fees to help cover the costs of keeping onboarded merchants PCI compliant. The standard is mandated by the card brands and enforced through acquiring banks and processors, so any business that accepts card payments, regardless of size or industry, must deal with it.
What is a PCI noncompliance fee?
Your payment processor charges you a PCI noncompliance fee for failing to keep your business PCI compliant.
Why am I being charged this fee?
The most common reason a business is hit with a PCI noncompliance fee is failing to complete its annual Self-Assessment Questionnaire (SAQ).
SAQs are published by the PCI Security Standards Council and ask you to disclose how your business accepts, processes and stores card payments. Which SAQ you fill out depends on how you accept cards: a merchant that fully outsources card handling to a compliant third party uses a much shorter questionnaire than one that stores cardholder data on its own systems, and some SAQ types also require a passing quarterly vulnerability scan by an Approved Scanning Vendor (ASV). Some processors help you fill out the form or will even complete it on your behalf. Guidelines and forms can also be found on the PCI Security Standards Council’s website. A business is considered noncompliant if it fails to submit the form or cannot answer every applicable question in the SAQ affirmatively.
Do all providers charge PCI fees?
Many providers charge PCI fees in some form or another. Some charge PCI compliance fees, but no PCI noncompliance fees — and vice versa. There are a handful of providers that don’t charge any PCI fees at all, including Chase Merchant Services and Stripe.
How much do PCI fees cost?
PCI compliance fees
PCI compliance fees are charged monthly or annually. Monthly fees typically range from $4.99 to $19.95, while annual fees tend to fall between $50 and $99.
PCI noncompliance fees
PCI noncompliance fees are usually charged monthly and may or may not include a grace period. Fees tend to fall between $10 and $45 for each month your business remains noncompliant.
How can I avoid paying PCI fees?
Whether or not you’re charged PCI fees depends on your payment processing provider. You can typically avoid noncompliance fees by completing your annual Self-Assessment Questionnaire on time, but compliance fees are charged at the discretion of your provider regardless of your compliance status.
If you’re interested in a provider that charges no PCI compliance or noncompliance fees, check out Chase Merchant Services or Stripe.
How to tell if you’re being charged PCI fees
PCI fees are sometimes called security or regulatory fees. But more often than not, the fee will be clearly identified on your processing bill. There are a few different ways it can appear, but the PCI designation makes it easy to identify:
PCI validation fee
PCI non-compliance fee
Compare payment processors
If you’re being charged more fees than you’re comfortable with, compare your processing options to get the best deal.
PCI fees are prevalent in the processing industry, but far from mandatory: the fee is a provider’s choice, while compliance with the standard itself is required of every business that accepts cards. Explore your payment processing options to find a provider that offers the best service for your business.
Frequently asked questions
Who needs to be PCI compliant?
PCI compliance applies to any business that accepts credit or debit card payments, whatever its size. For these businesses, PCI compliance is mandatory.
What happens if my business isn’t PCI compliant?
The card brands can fine acquiring banks and payment processors between $5,000 and $100,000 a month for PCI compliance violations. These fines are typically passed along to the merchant or business found to be noncompliant.
Shannon Terrell is a writer for Finder who studied communications and English literature at the University of Toronto.