The Complete Guide to PCI Compliance Fees (2023)

Is a PCI compliance fee another fake fee on your statement or is this a legitimate charge? Answering that question is complicated. But truthfully, it depends.

Some credit card processors do not charge a PCI fee at all, while some do charge the fee but provide no compliance support. Others charge a fee but help provide compliance and support.

In this blog we’ll discuss PCI Compliance, what it means, and how it may be important for your business. We will also discuss the PCI Non-Compliance fee that tends to pop up on statements consistently and how to avoid this fee.

PCI Compliance Fees Explained

PCI Compliance fees are imposed on businesses by their credit card processor. This is not a standard fee and will typically vary from provider to provider.

PCI DDS stands for Payment Card Industry Data Security Standard and is a set of guidelines that businesses must follow to ensure cardholder data remains secure.

Back in 2006, the major players in the credit card space formed the PCI Security Standards Council. The group was formed by Visa, American Express, Discover, Mastercard, and JCB International.

It is essentially in the hands of the processor to validate compliance for majority of merchants which has allowed processors the freedom to structure the fees almost as they wish.

Unfortunately, there is little recourse against these fees as the bulk of credit card processing companies will claim it is a necessary fee that they have no control over.

It’s worth noting you may also see something like a security fee, regulatory fee, or bankcard PCI fee on your statement which is simply a different name for a PCI Compliance Fee.

If your merchant services provider is adds a line item to charge PCI compliance fees on your statement, this guide is for you.

But as we’ll discuss shortly, you can avoid this charge and lower your credit card processing fees by maintaining PCI DSS requirements.

What is PCI Compliance?

PCI Compliance refers to the Payment Card Industry Data Security Standard. It is a set of rates than anyone accepting card payments has to follow. This is to ensure that all data received is kept out of the hands of hackers or fraudsters.

Requirements for being PCI compliant are complex and can vary widely pending on the business type.

For example, a merchant who keeps card information on file and is taking all transactions over a payment gateway (non face-to-face) is going to have a harder time staying compliant compared to a retail store that simply swipes the credit card and does not use a payment gateway.

Credit card associations have divided businesses into four levels of risk simply based on transactions processed on an annual basis.

• Processing over six million credit/debit transactions per year.
• Processing between one million and six million credit/debit card transactions per year.
• Processing between 20,000 and one million Visa e-commerce credit/debit transactions per year.
• Processing less than 20,000 Visa e-commerce transactions annually and all other merchants processing up to one million Visa transactions annually

The bulk of small business owners will find themselves in category 4 which is a merchant “processing less than 20,000 Visa e-commerce transactions annually and all other merchants processing up to one million Visa transactions annually.”

The majority of required actions to be compliant are accomplished by your credit card processor. That being said, there are some actions that you may have to complete.

The most important task merchants need to complete is the Self-Assessment Questionnaire (SAQ). This questionnaire needs to be completed on an annual basis and can be time consuming and difficult to pass at times.

Failing to complete the questionnaire typically results in you being charged a “PCI non-compliance fee” by your vendor.

What is a PCI Non-Compliance Fee?

A PCI Non-Compliance fee is essentially a penalty for failing to keep your account compliant with PCI DSS standards. This fee is only assessed if you missed something on your end to keep the account compliant.

How much is a PCI compliance fee? The fees range anywhere from $19.99 a month to $125.00 per each merchant ID. The majority of merchant service providers will charge you a PCI non-compliance fee if you fail to keep your account compliant.

For example, TSYS charges $94.95 per month for PCI non-compliance. Vanco charges $23.95 for non-compliance. As you can see, there’s a significant difference here.

Failure to complete the Self-Assessment Questionnaire is the most common reason businesses get charged this fee.

The biggest issue with the PCI Non-Compliance fee is that you start getting charged this fee with little to no notice. The credit card processing companies typically do not reach out to ensure you complete this survey annually.

That being said, there are a few companies that do not charge this fee including Stripe, PayPal, Braintree and a few other large vendors.

How to Avoid PCI Non-Compliance Fees

To remain PCI compliant and avoid fees, all business owners must complete the Self-Assessment Questionnaire once per year.

The questions are fairly standard such as the type of merchant you are, how you take your payments, cards on file etc.

You will be required to list all of your locations and which credit card processors you are using.

Can I get a Refund When I Become PCI Compliant?

If you have been incurring the PCI non-compliant fee and have recently become compliant we always recommend reaching out to your vendor in order to ask for a refund.

They typically will give you back at least 3-6 months sometimes even more.

Depending on how long you have been non compliant for these refunds can end up being significant.

Maintaining PCI Compliance to Avoid PCI Compliance Fees

Maintaining PCI Compliance is an important and inevitable part of having a merchant account. Regardless of business type or volume processed, you are going to have to maintain compliance.

PCI compliance fees vary from processor to processor.

It is important prior to signing on with a new merchant processor to understand how you would become and stay PCI compliant along with the full costs. Always ask the vendor how the PCI compliance fee is going to be charged and how much. (99% of the time it will be an annual fee of around $100.00).

As discussed, paying a fair PCI fee to remain compliant is fair, but be careful that your vendor does not try and use it as a quick money grab.

Sales reps in this industry tend to leave as many fees out of the discussion as possible when trying to sign you up.

Paying an annual cost for PCI compliance usually is unavoidable pending on which vendor you are with. That being said, the PCI non-compliance fee can always be avoided by completing the questionnaire on an annual basis.

Remember, as soon as you see the PCI non-compliance fee pop up on your statement reach out to your vendor, complete the survey and request a refund for the fee.

Have questions about other fees or how to lower your costs? Check out our complete guide to credit card processing.

Final Thoughts on PCI Compliance Fees

Every business should be PCI compliant. It’s helps protect your customers, protects your business, and helps you avoid unnecessary fees.

If you see a PCI fee on your monthly processing statement, we can help you get rid of it. Reach out to our team to find out how to save money on credit card processing and avoid junk fees on your bill. We’ll negotiate your rate directly with your processor to eliminate these types of fees from your statement.