Credit Card Processing, Security and PCI Compliance

PCI Non Compliance Fee: An Expensive Reminder


Processors use PCI non-compliance fees as an expensive monthly reminder to prompt businesses to become PCI compliant. Visa and MasterCard do not impose fees on businesses that are PCI non-compliant, making a PCI non-compliance fee a pure profit charge for processors.

Some processors choose to charge a PCI non-compliance fee when a business fails to provide proof that it complies with Payment Card Industry (PCI) Data Security Standards (DSS). Sales people in the industry sometimes justify the fee as a penalty charged by Visa and MasterCard that is simply being passed along, which is not necessarily true. Visa & MasterCard do not charge PCI fees, but they do impose fines. Visa and MasterCard do not charge businesses or processors a fee for PCI non-compliance. However, the cards brands may impose compliance fines if non-compliance leads to a security issue or breach.

The card brands’ fines are often large, one-time charges imposed after a security-related issue occurs. PCI non-compliance fees, on the other hand, are relatively small monthly or annual fees imposed directly by processors. Since Visa and MasterCard don’t charge non-compliance fees, the revenue generated from these fees goes straight into processors’ pockets.

Processors set PCI non-compliance fees individually

It’s the responsibility of individual processors to validate compliance, so each processor chooses whether to charge a PCI non-compliance fee, and if so, how much the fee is.

PCI non-compliance fees typically range from $10 to $30 a month, but can go as high as $100 a month for processors interested in leveraging the fee for excessive profits.

How to get rid of PCI non-compliance fees

The legitimate purpose of the PCI non-compliance fee is to encourage businesses to become compliant. If you see a noncompliance fee on your credit card processing statement, call your processor and inquire about having it removed.

PCI compliance is often not as painful as it sounds. In the case of retail businesses that swipe the majority of transactions, compliance is as simple as completing a self-assessment questionnaire. In the case of e-commerce businesses, compliance entails a questionnaire and quarterly network scans.

The latter is a little more involved, but neither justify paying a PCI non-compliance fee that can be hundreds or even thousands of dollars a year.

Ben Dwyer

BY Ben Dwyer

Ben Dwyer began his career in the processing industry in 2003 on the sales floor for a Connecticut‐based processor. As he learned more about the inner‐workings of the industry, rampant unethical practices, and lack of assistance available to businesses, he cut ties with his employer and started a blog where he could post accurate information about credit card processing.As the blog gained in popularity, Ben began directly assisting merchants in their search for a processor. Ben believes in empowering businesses by providing access to fair, competitive pricing, accurate information, and continued support. His dedication to transparency and education has made CardFellow a staunch small business advocate in the credit card processing industry.


Credit Card Processing exposed

Use the secrets that credit card processors don't want
you to know to drastically lower your credit card
processing fees.

Read Now!

You might also like…

PCI Compliance

View all articles

Please join the conversation

Your email address will not be published.


  1. from Tommy, on April 1, 2015 22:32:24

    Like Andrew said, the non-compliance fees are charged to help the processor cover the cost of managing non-compliant merchants and to also serve to cover the costs when the merchants get breached. Charging $10-$100 per month is relatively cheap for the level of risk the processor is facing.

  2. from Andrew, on July 3, 2013 06:36:40

    Oftentimes these non-compliance charges exist to help the processor cover the cost of managing non-compliant merchants. There is a significant overhead to the acquirer/processor in terms of reporting levels of compliance. This isn’t pure profit, but acts as both an incentive to get the merchant to submit the correct information so the processor or acquirer can get a better understanding of the risk. Some processors even use this revenue as a buffer for merchants that get breached, so that they can help soften any fraud losses.