Have you seen PCI (Payment Card Industry) compliance and non-compliance fees on your merchant statements? Many business owners see these fees and wonder why they are necessary in addition to their processing fees. The purpose of PCI compliance is to help prevent data security breaches. These breaches have affected not only big retailers like Target, Home Depot, Jimmy John's, and Sears, but also numerous small and medium business owners.


PCI compliance is required by the card brand networks (Visa, MasterCard, Discover, AMEX, and JCB), but the rules and requirements are established by the Payment Card Industry Security Standards Council. The rates for these services are typically determined by the payment processing companies, especially for level 3 and level 4 merchants (see the chart below for information on merchant levels). Because accepting credit and debit cards as a form of payment carries security risks, business owners must ensure that they are taking the necessary security precautions. The rules and requirements differ by card brand network. For a full list of the basic requirements for the different networks, visit https://www.pcisecuritystandards.org/merchants/how_to_be_compliant.php. Some basic rules and requirements for Visa and MasterCard are as follows:

[Figure: PCI graph]


Typically, level 1 and level 2 merchants contract directly with the various QSA (Qualified Security Assessor) companies. However, with level 3 and level 4 merchants, the payment processing companies normally coordinate these efforts, often in partnership with one of the QSA providers.


PCI compliance fees vary by provider but typically cost $79-$120 per year, and PCI non-compliance fees typically appear on processing statements as $10-$100 per month. The PCI compliance fee pays for the processor's service and assistance in helping companies become PCI compliant. The PCI non-compliance fee is charged to business owners by the processing company as a reminder that they need to complete a self-assessment questionnaire (SAQ) to become PCI compliant; it essentially serves as a penalty to the business owner for not completing their PCI compliance requirements. Unfortunately, these fees (particularly the non-compliance fees) are often excessive and serve to improve the profit margins of the processing companies. Many business owners are not aware that a PCI non-compliance fee will no longer be charged once they take the necessary steps to become PCI compliant. Therefore, check your statements for PCI non-compliance fees and make sure you are PCI compliant to avoid unnecessary charges. In addition, ask about your PCI compliance fee if you feel you are being overcharged and underserviced in the help you receive with becoming PCI compliant.