A Comprehensive Guide to the PCI Compliance Fee

November 8, 2021 / Posted in Credit Card Processing

The number of non-cash transactions in the US is estimated to be around 144 billion yearly. There is no need to emphasize the importance of cashless payments for the growth of your company. And no matter what kind of credit card processing services you get, the PCI compliance fee will be on your account statement at the end of the month. So what is it and why do you pay it?

No matter how big or small your business is, you will have to be PCI compliant

You probably already know all about average credit card processing fees, but how much do you know about other expenses you are paying? Even when listed on the merchant statement, it is not always clear what these charges are supposed to cover or who they go to. And credit card processing companies often fail to explain why they are charging specific merchant services rates to their customers unless asked directly. Here, we will explain all about the PCI compliance fee and merchant services and why it is essential to have both.

Credit Card Payments in a Nutshell

With so many payment processing companies out there, you can easily end up with a merchant account that is too expensive to maintain. From POS fees to interchange fees, this can all be confusing and challenging, especially if this is your first business venture. But if you know how credit card processing works, it may be easier later on when dealing with all these payments and transactions. For starters, let’s explain who the main entities involved in each transaction are:

  • Cardholder – This is your customer who wants to pay with plastic.
  • Merchant – Businesses come in many types, but any business that sells goods and accepts cashless payments plays this role in the process.
  • Merchant’s bank – This is the bank that will establish and maintain your account.
  • Payment processors – Companies that carry out credit card processing. They connect merchants, banks, card networks, and others.
  • Issuing bank – This is a bank that issues credit or debit cards to cardholders.
  • Card associations – They set interchange rates and qualification guidelines. They are networks of cards such as Visa, MasterCard, Discover, and American Express.

So when a cardholder purchases something from you, your payment software (POS terminal or an e-commerce business payment gateway) will send a request to the payment processor, which will then submit a request to the card association and issuing bank. Once the issuing bank approves everything, your transaction will be finished.

It may seem like a couple of seconds, but the process is very complicated

What Is PCI Compliance?

PCI compliance refers to a set of data security standards – the full name is the Payment Card Industry Data Security Standard (PCI DSS). These standards are set by the PCI Security Standards Council (SSC), an independent body established by the major card associations, such as Visa.

All companies must meet these standards for security reasons and to avoid fines if a breach or theft of cardholder information happens. But one of the most common mistakes business owners make is to agree to pay all the fees offered when setting up their merchant account, even if they don’t need them all. For example, if you run an e-commerce shop that stores customer data, you will have to meet higher protection standards than a small local store. This is why you should apply for an account with a company whose merchant services are tailored to your needs.

PCI Compliance Fees – What You Need to Know

To put it simply, these fees are what you pay to the credit card processing company that runs your account in exchange for making sure the account complies with all applicable standards. These are the services your merchant processor will provide when it comes to PCI compliance:

  • Security Scans – The provider will do a thorough check of all aspects of your payment setup, from the website, server, and payment gateway to any connected terminals or POS systems, looking for viruses, malware, or other security threats.
  • Data Breach Insurance – If a breach occurs, this insurance will reimburse you for any losses you may suffer.
  • Customer Education & Assistance – The company will provide you with assistance and training to make sure your account stays compliant with safety standards.

How Much Does the PCI Compliance Fee Cost

Even with the best credit card processing for small businesses, these fees are something you must pay. And if a payment processor claims that they will not charge you, don’t trust them. You will probably get charged through a flat rate or in some other way. Unlike acquirer processor fees, which are charged on every transaction, compliance fees are usually charged monthly, at around $8 to $10 per month.

The rates are paid monthly, not per transaction

How to Choose a Merchant Services Provider That Is Compliant

When choosing a company that will provide you with these services, the most important thing to check is whether they are transparent. When signing a contract, make sure you understand what you are paying and why. The contract must clearly state where responsibility lies if a breach happens due to software or equipment malfunctioning. Also, pick a company that will assist you in meeting all the safety standards.

Who Needs to Be Compliant?

Anyone who is involved in plastic payments must meet PCI standards. This means merchants, service providers, payment processors, and gateways all must follow these guidelines. And unfortunately, if you run a small business, you should know that statistically speaking, you are at higher risk of being attacked than bigger businesses, simply because many small business owners don’t know how to protect themselves.

How to Make My Business Compliant?

For starters, you must find a company that will give you a good effective rate for credit card processing, good equipment and software, and excellent customer service. With the help of the right provider, you can start meeting these requirements. But just as you alone have to think about small business tax deductions, there are things you must do on your own to meet these standards. The first step is to fill out a self-assessment questionnaire (SAQ) and an attestation of compliance (AoC). You must submit these documents annually, along with vulnerability scans. It is also your responsibility to create safety protocols and educate your employees on how to protect data. Access to the database and other sensitive information must be limited to two to three persons. And your internal network and physical premises must be secured at all times.

Determine Which Compliance Level You Belong to as a Merchant

Before you start filling out the paperwork, you first need to determine which level you belong to. Just like there are different merchant category codes, there are different levels of PCI. The size of your company determines the level, and each level has its own rules and regulations. There are four levels, and most small businesses will fall under the fourth one, which means they have fewer than 20,000 cashless transactions annually.

If you have up to 20,000 cashless transactions a year, you belong to the fourth level

What Are PCI Non-Compliance Fees

If you, for any reason, fail to meet these standards, your merchant account provider will charge you a fine or penalty, which is called a PCI non-compliance fee. This can easily happen, for example, if you forget to submit the AoC on time. The problem is that you might not even know you have stopped meeting the standards unless you take a good look at your statement. This is why it is important to choose a provider that is fully transparent – one that will inform you if you have made mistakes and give you time to correct them. A reliable provider will also not hide these fines in the fine print just to line their pockets.

How Much Does a PCI Non-Compliance Fee Cost

From figuring out how a small business pays taxes to understanding what a card-not-present transaction is, there will be many things on your mind as a small business owner. And hacker attacks will probably not be high on your list of worries. But if for some reason your account becomes non-compliant, you will be charged as much as $20 to $30 per month until you make your account compliant again. In theory, a provider should inform you if you are not meeting the standards, but in reality this isn’t always the case if you don’t have a reliable provider. On the other hand, if you are well informed, choose the right provider, and follow all the protocols, you will avoid paying these penalties. Here are some things you can do:

  • Train employees to properly handle payments with plastic
  • Carry out quarterly security scans
  • File the SAQ every year
  • Follow all recommendations made by the SSC
  • Ensure extra protection – hire a third-party IT security service

Follow protocols and save some money

Am I Being Scammed by the PCI Compliance Fee?

Well, honestly, the answer to this question mostly depends on the service provider you have. As we mentioned, if your contract and transactions are not transparent, this can seem like a scam. These fees are something you must pay, but an honest and reputable company will make sure you don’t overpay or lose money on unnecessary expenses. Also, if the company doesn’t offer the assistance we talked about above, like security scans and training, you should probably switch to another provider. There are companies that help small businesses thrive and even have a free financial advisor instead of doing everything in their power to charge you as much as possible.