What Are PCI Compliance Fees and Should You Pay Them?

By Alexandra Sheehan

As a business owner, you have a seemingly endless number of regulations to abide by. You need to create a business entity, deal with taxes, apply for licenses, and tons of other tedious administrative tasks. 

And when it comes to payments, compliance is even stricter and more important. You’re dealing with people’s financial and personal information. That’s sensitive stuff! 

Enter PCI compliance. Below, we’ll take a look at what it is, PCI compliance fees (and non-compliance fees), and some little-known secrets about this pesky expense. 

What are PCI compliance fees?

The Payment Card Industry (PCI) has Data Security Standards (DSS) for merchants and payment processors to meet. These standards are put in place for consumer and merchant protection. Customer data is highly sensitive information, and PCI compliance safeguards that information with various measures for handling and preserving data. 

PCI compliance is regulated at the state level, and merchant account providers may also set their own standards for data security. It’s important to familiarize yourself with your merchant account provider’s PCI compliance standards so you can find a compliant payment processor to avoid additional fees.

PCI compliance fees are sometimes passed on to the merchant from the payment processor. This is a hidden fee you want to look out for when assessing payment processing options. 

If a payment processor does charge a PCI compliance fee, you’ll want to ask if it comes with extras — many will offer ongoing consulting services to ensure you get and stay compliant. It’s important to ask about this information! You want to avoid being scammed by the PCI compliance fee. 

Generally speaking, it’s better to choose a provider that doesn’t charge you extra for PCI compliance. At Payment Depot, for example, PCI fees are included with your membership fee, so you don’t have to worry about more costs.

What are PCI non-compliance fees?

PCI non-compliance fees are charged when you use a payment processor that does not meet PCI compliance standards. It’s essentially a monetary penalty for not abiding by the established regulations. 

To determine if you’re compliant, there’s a Self-Assessment Questionnaire (SAQ) you can fill out. The series of yes-or-no questions will tell you if you need to make any changes to become compliant. 

Unfortunately, paying a PCI non-compliance fee doesn’t fund any attempt to bring your business up to standards. PCI non-compliance fees are a financial drain on merchants. 

Here’s something else to look out for on your merchant account statements: a PCI compliance fee and a PCI non-compliance fee charged for the same period. Remember to check your statements! These pesky fees are tricky, and processors who charge them will try to sneak them in if they can. 

Why processors charge PCI compliance fees

We mentioned above that not all payment processors charge PCI compliance fees. There are various reasons why they do, typically involving some sort of added service for PCI compliance. Here are some examples: 

Cyber liability insurance: In the unfortunate scenario where you do face a data breach of some kind, some processors will include insurance to cover associated costs and damages.

Security scans: PCI requires merchants to run a security scan at least quarterly. Some payment processors will handle this for you as part of their PCI compliance fee. These scans must be done by an Approved Scanning Vendor (ASV).

Ongoing support: Your payment processor might provide ongoing consulting for changes to PCI compliance, as well as tech support for any questions or issues that pop up.

How PCI compliance fees are calculated

Because they’re charged by the processor, PCI compliance fees are also set by the processor. Therefore, the exact numbers vary. However, they’re all calculated in a similar way: the processor determines its fee structure, decides whether PCI compliance is included in those fees, and, if the answer is no, adds on a number depending on the additional services provided and its target profit margin. 

The fees might be charged monthly or annually, depending on how the processor handles billing. 

There are four ways processors assess these fees:

  1. Additional fee, no services.
  2. No fee, additional services. 
  3. Additional fee, additional services. 
  4. No fee, no services.

Payment Depot takes the second approach, which is what you want to look for in a payment processor.

The bottom line

Overall, you want to find a payment processor that is PCI-compliant, doesn’t charge PCI compliance fees, and offers ongoing services to ensure compliance. Payment Depot checks all three boxes with membership-based pricing and no hidden fees. On average, members save 40% on processing fees. 
