
As a small business owner, you have a seemingly endless number of regulations to abide by. You need to create a business entity, manage taxes, apply for licenses, and do tons of other tedious administrative tasks. 

And when it comes to payments, compliance requirements are stricter and even more important. You’re dealing with people’s financial and personal information. That’s sensitive stuff! 

Enter PCI compliance. Below, we’ll take a look at what it is and why it’s important for merchants. We’ll also explore how merchant service providers charge for these services, typical PCI compliance costs, and some other useful information about this pesky expense. 

What is PCI DSS compliance?

If your business accepts credit card and debit card payments, you’ll need to comply with a set of data security standards established by the PCI Security Standards Council. These guidelines are called the Payment Card Industry Data Security Standard (PCI DSS) and they’re meant to protect your customers’ credit card information against security breaches. 

Cardholder data is highly sensitive, and PCI DSS protects it with requirements covering how that data is stored, processed, and transmitted. The card brands (Visa, Mastercard, Discover, and American Express) require PCI compliance, but its enforcement typically falls to your acquiring bank or payment processor, which is why the fees discussed below show up on your processing statement.

What are PCI compliance fees?

PCI compliance fees are what your credit card processor charges to help ensure that your merchant account meets all applicable PCI DSS requirements. Not every processor charges them, and when they are charged they are often buried in the fee schedule, so they are one of the hidden fees to look out for when assessing payment processing options.


PCI compliance is not a state or federal law. PCI DSS is an industry standard set by the PCI Security Standards Council, and the card brands enforce it through your acquiring bank or merchant account provider. Those providers may also set their own requirements for data security on top of it. It’s important to familiarize yourself with your merchant account provider’s PCI compliance requirements so you can choose a compliant payment processor and avoid additional fees.

If a payment processor does charge a PCI compliance fee, you’ll want to ask if it comes with extras—many will offer ongoing consulting services to ensure you get and stay compliant. It’s important to ask about this information! You want to avoid being scammed by the PCI compliance fee. 


It’s important to note that paying PCI fees doesn’t free you from the responsibility of ensuring that your account is PCI compliant. While most processors will provide certain services to help with compliance from a technical standpoint (more on this later), you’ll still need to complete a Self-Assessment Questionnaire (SAQ) every year. The SAQ is a series of Yes/No/Not Applicable questions, and which version you fill out depends on how you accept card payments; any “No” answer tells you where changes are needed to become compliant.

What are PCI non-compliance fees?

Your payment processor may impose PCI non-compliance fees upon you if your account fails to meet the necessary PCI compliance standards. It’s essentially a monetary penalty for not abiding by the established regulations. 

Unfortunately, paying a PCI non-compliance fee doesn’t fund any attempt to bring your business up to standards. PCI non-compliance fees, therefore, are a financial drain on merchants. 

In practice, one of the most common reasons that merchants are charged a non-compliance fee is failing to complete or renew the Self-Assessment Questionnaire (SAQ) on time.

Here’s something else to look out for on your processing statements: a PCI compliance fee and a PCI non-compliance fee for the same period. The two are contradictory, since you cannot be billed for compliance services and penalized for non-compliance at the same time. Remember, these fees are tricky, and processors who charge them will try to sneak them in if they can.

Why processors charge PCI compliance fees

We mentioned above that not all payment processors charge PCI compliance fees. There are various reasons why they do, typically involving some sort of added service for PCI compliance. Here are some examples: 

  • Cyber liability insurance: In the unfortunate scenario where you do face a data breach of some kind, some processors will include insurance to cover associated costs and damages.
  • Security scans: PCI DSS requires merchants whose SAQ includes the vulnerability-scanning requirement (generally anyone with internet-facing systems in scope) to pass an external vulnerability scan at least quarterly, and the scan must be performed by an Approved Scanning Vendor (ASV). Some payment processors will arrange these scans for you as part of their PCI compliance fee; you remain responsible for fixing whatever the scan finds.
  • Ongoing support: Your payment processor might provide ongoing consulting for changes to PCI compliance, as well as tech support for any questions or issues that pop up.

How PCI compliance fees are calculated

Because they’re charged by the processor, PCI compliance fees are also set by the processor. Therefore, the exact numbers vary. However, they’re all calculated in a similar way: The processor determines what their fee structure is and decides if PCI compliance is included in those fees.

If the answer is no, they tack on a number depending on the additional services they would be providing and their target profit margin. You may be charged a monthly fee or an annual fee, depending on how the processor handles billing. 


There are four ways that payment processors assess these fees:

1. An additional fee charged, no services provided. Unfortunately, there are some sketchy players in the payments industry who charge a fee for PCI compliance but offer no services in return. Read the fine print carefully, ask the right questions, and steer clear of such providers. 

2. No fee charged, additional services provided. The most merchant-friendly option. Your processor will provide certain services to ensure compliance but won’t be charging you any extra fees in exchange. 

3. An additional fee charged, additional services provided. Some processors will charge a fee for the services they provide in order to ensure PCI compliance. Make sure that the costs are reasonable and the services adequate. 

4. No fee charged, no services provided. In this model, your payment processor essentially leaves PCI compliance in your hands. This is quite rare these days, especially as eCommerce is more commonplace and data security is of utmost importance.

Payment Depot takes the second approach, which is what you want to look for in a payment processor.

The bottom line


Overall, you want to find a payment processor that is PCI-compliant, doesn’t charge PCI compliance fees, and offers ongoing services to ensure compliance. Payment Depot checks all three boxes with membership-based pricing and no hidden fees. On average, our members save up to $400 a month on credit card processing fees. 

Quick FAQs about PCI Compliance Fees

Q: What are PCI compliance fees?

PCI compliance fees are charges imposed by credit card processors to ensure that your business adheres to the Payment Card Industry Data Security Standard (PCI DSS). These fees cover the cost of maintaining and verifying compliance with security standards designed to protect credit card information.

Q: Why is PCI compliance important for my business?

PCI compliance is crucial because it helps protect sensitive customer data from security breaches. By complying with PCI DSS, businesses minimize the risk of data theft, maintain customer trust, and avoid hefty fines associated with non-compliance.

Q: How are PCI compliance fees determined by payment processors?

Payment processors determine PCI compliance fees based on their fee structure and the additional services they provide. These fees can be monthly or annual, and they may include services like security scans, cyber liability insurance, and ongoing compliance support.

Q: What happens if my business is not PCI compliant?

If your business fails to meet PCI compliance standards, you may face non-compliance fees from your payment processor. Non-compliance can also increase the risk of data breaches, potentially leading to financial losses and damage to your business reputation.

Q: Do PCI compliance fees cover all compliance responsibilities?

While PCI compliance fees often include technical support and services to help ensure compliance, businesses are still responsible for completing a Self-Assessment Questionnaire (SAQ) every year. This confirms ongoing compliance and identifies any areas that need improvement.

Q: What additional services might be included with PCI compliance fees?

Some payment processors offer added services with their PCI compliance fees, such as cyber liability insurance, quarterly security scans by Approved Scanning Vendors (ASVs), and ongoing consulting to help businesses stay compliant.

Q: Are there any hidden PCI compliance fees I should be aware of?

It’s essential to review your processing statements carefully to identify any hidden PCI compliance fees. Some processors may charge both compliance and non-compliance fees or include unnecessary charges. Understanding your processor’s fee structure can help you avoid unexpected costs.

Q: How often do I need to complete the Self-Assessment Questionnaire (SAQ) for PCI compliance?

Businesses are required to complete the SAQ annually. This process involves answering a series of Yes/No/Not Applicable questions to assess compliance with PCI DSS and identify any necessary adjustments to maintain compliance.