PCI Compliance Fee: Legit or Rip Off?

by Ben Dwyer

Is a PCI fee just another junk credit card processing fee, or is it a legitimate charge? It can be either, depending on the processor. Some credit card processors charge a PCI fee and provide no compliance support, others charge a fee in exchange for compliance scanning and assistance, and some don't charge a fee at all.

PCI DSS stands for Payment Card Industry Data Security Standard. It is a set of security requirements (not optional guidelines) that any business that stores, processes or transmits cardholder data must meet. The standard itself is maintained by the PCI Security Standards Council; compliance with it is required and enforced by the card brands (Visa, Mastercard, American Express, Discover and JCB) through their own compliance programs, and applies to any business that accepts credit cards.

For the large segment of smaller merchants, the card brands leave the responsibility of validating compliance in the hands of the acquiring processors. That latitude has allowed processors to approach PCI fees in three general ways.

The processor charges a PCI compliance fee and also provides compliance support.

A PCI fee is legitimate and even beneficial to a business if the processor provides compliance support and the fee charged for the support is reasonable.

Navigating PCI compliance is confusing and time consuming, especially for e-commerce businesses. In light of this, many processors provide support to help businesses through the process, such as assistance completing the self-assessment questionnaire (SAQ) and quarterly external vulnerability scans. Note that those scans must be performed by a PCI SSC Approved Scanning Vendor (ASV), and they are only required of merchants that have internet-facing systems in scope, which is why e-commerce merchants bear more of the cost than a retailer with a standalone terminal.

If the PCI fee charged for such support is reasonable, it is often less than a business owner would pay to arrange an ASV scan and work through the questionnaire on her own.

For example, a legitimate PCI fee would be something in the area of $70-$120 a year, or about $6-$10 a month for compliance support involving scans and assistance completing compliance questionnaires. The PCI fee may be greater or less depending on the level of support the processor provides.

The processor charges a PCI compliance fee and provides little or no compliance support.

Paying a PCI fee for nothing is very similar to paying a PCI non-compliance fee: both types of charges are pure profit for the processor.

Contrary to what many sales people claim, Visa and Mastercard do not charge processors a per-merchant fee for PCI. There is no recurring card-brand cost that the processor must pass along. (The brands can fine an acquirer after a breach at a non-compliant merchant, but that is a penalty, not an ongoing cost of the compliance program.)

If you’re paying a PCI fee, you should be getting something for your money. If you’re not, you’re simply padding your processor’s pocket.

The processor does not charge a PCI compliance fee.

Because the burden of validating PCI compliance has fallen to individual merchant service providers and processors, many have simply chosen to let businesses tackle PCI compliance on their own.

Generally, there are two reasons why processors take this approach, and one is actually in the best interest of businesses.

PCI fees are calculated on a per-case basis.

PCI compliance and validation is less expensive for retail businesses than it is for e-commerce businesses: a card-present retailer using a standalone terminal typically answers a shorter questionnaire and has no internet-facing systems to scan, while an e-commerce merchant usually needs quarterly ASV scans on top of the questionnaire. Yet both types of businesses pay processors the same monthly or annual PCI fee.

Processors that allow businesses to handle PCI on their own ensure each business pays its fair share for compliance and validation instead of subsidizing the cost of PCI for other businesses.

Lower fees provide a leg up on the competition.

It's no secret that the processing industry is very competitive, and processors are always looking for ways to appear less expensive than the competition. Dropping a monthly or annual PCI fee from the rate sheet looks like a plus to a prospective client, even though the merchant still has to validate compliance on its own time and at its own expense.

A few processors provide PCI support at no charge. A couple of them can be found in CardFellow's free marketplace, but finding them elsewhere is pretty tough.

BY Ben Dwyer

Ben Dwyer began his career in the processing industry in 2003 on the sales floor for a Connecticut-based processor. As he learned more about the inner workings of the industry, rampant unethical practices, and the lack of assistance available to businesses, he cut ties with his employer and started a blog where he could post accurate information about credit card processing. As the blog gained in popularity, Ben began directly assisting merchants in their search for a processor. Ben believes in empowering businesses by providing access to fair, competitive pricing, accurate information, and continued support. His dedication to transparency and education has made CardFellow a staunch small business advocate in the credit card processing industry.

3 COMMENTS

  1. from Ben, on December 3, 2014

    Hi Drew,
    It varies, but the answer is pretty easy to find. Simply create a free profile here at CardFellow and you'll receive quotes from multiple processors instantly. All quotes are monitored by CardFellow and guaranteed to be fully disclosed. If a PCI fee isn't listed, it isn't charged.

  2. from Jane, on April 24, 2015

    As a merchant, I'm already paying an annual PCI compliance fee of $175.00. Now they're requiring me to upgrade my terminal to certify for PCI compliance. Is this legit or just another sales tactic?

    • from Ellen Cunningham, on April 27, 2015

      Hi Jane,
      Is the company requiring you to upgrade to an EMV-compliant terminal? There is a deadline looming for merchants to utilize EMV-compliant terminals, in order to reduce fraudulent transactions. More information on EMV can be found here: https://www.cardfellow.com/blog/2015-emv-mandate/