Depending on your online store’s credit card processor, you may get charged for something called a PCI Compliance Fee. When running an ecommerce store it’s essential to understand what PCI Compliance actually means and how it protects you and your customers from losing valuable transaction information.
I would recommend checking out the PCI Compliance Guide from the Security Standards Council to get the whole scoop, but for the sake of a quick definition, PCI Compliance basically means that your customer payment information is being processed over a secure network, so that no one can access that information if attempting to attack your online store.
When you sign up with a credit card processor and payment gateway company, they are both required to follow PCI standards, and many of them even go above and beyond to provide additional PCI Compliance services and tools.
Regardless, if you receive a charge for a PCI Compliance fee it may get you wondering as to what that money is being used for. Is it just a scam by the credit card processors to pull more money out of you, or is the company actually offering legitimate PCI Compliance services to protect your store? Keep reading to find out.
PCI Compliance Fees Depend Completely on the Company Charging Them
There’s no clear answer to this question, except that some credit card processing companies are helping you out with the fee, while others are not.
In fact, your credit card processor most likely falls into one of these categories in terms of PCI Compliance Fees:
- Your credit card processor is charging you a fee but not providing any support.
- Your credit card processor is charging you a fee and providing you compliance support.
- Your credit card processing company is not charging you any fee at all because they don’t think you need it.
So, in a sense, you must complete your own research to really figure out what is going on behind closed doors. There’s a good chance that the processor is simply taking your money, but on the other hand, many processors have a culture of only charging for support they actually offer.
What Can You Expect to Pay for a Traditional PCI Compliance Fee?
Once again, it all depends on your processor, but I’ve seen both monthly and yearly fees on merchant billing statements.
From my experience the average fee is around $150 per year, but this can go all the way up to something like $250 per year. In general, I’ve found that the highest fees come when you are charged on a monthly basis, because the spread-out payments are easier to hide.
What Does the Merchant (You) Receive in Return for Paying PCI Compliance Fees?
Since PCI Compliance is a new, broad and complex subject, it’s not that difficult for the credit card processors to try and sneak a fast one on you. However, if your processor is indeed providing some sort of service or product in return for those fees, they usually come in the following forms:
This is an interesting area, since it all depends on whether or not you, the merchant, reach out to the credit card processor for education on PCI Compliance. The basic idea is to educate merchants on the importance of protecting cardholder data on a day to day basis.
This may come in the form of blogs, forums, customer support lines or even guides that you can download and print out. Most of this is offered for free on processor websites anyway, but they need a way to maintain the infrastructure to educate the merchant.
Monthly Scans and Insurance
Much of this is outsourced to third-party companies, where the third-party company scans your site on a monthly basis to see if you are compliant and to see how you can improve your security. You may also receive data breach insurance in case some of your customer transaction information is compromised.
Unfortunately, this is one of the gray areas that processors have taken advantage of, since much of the insurance will not necessarily cover you quite well for a breach. Make sure you contact your processor to understand the terms of the insurance. If it doesn’t really help you, find a new processor.
Overall, the monthly scans and insurance can cost you anywhere from $20 per month to over $100 per year.
This is often compared to a police officer giving out a drunk driving ticket instead of booking the person into a jail cell for the night.
In theory, a non-compliance fee is meant to police merchants who are not properly securing customer financial information. The only problem is that the processors are simply implementing a punishment, instead of educating the merchants.
A non-compliance fee can range anywhere from $5 to $30 per month. Keep in mind that this is an avoidable fee, and you should be able to contact your credit card processor to understand how you can get rid of the fee in the future. Bear in mind that the processor will most likely not reach out to you to teach you the lesson.
Make sure you contact your processor if a fee like this pops up on your statement. Overall, it’s a rather bogus fee, but removable if you take action.
Proactive PCI Compliance Support
Out of all the fees that may come up for PCI Compliance, this is the most useful to you, since it means that your credit card processor is taking an active role in calling you and making you understand the steps you need to take to remain PCI Compliant.
Think about how many times your credit card processing company has called you or emailed you to discuss PCI Compliance. If they have, you’re in good shape. Your money is going somewhere useful. However, keep in mind that some companies still overcharge for these services, or they simply sit back and provide no services, because they know you won’t reach out.
Can You Rid Yourself Completely of PCI Compliance Fees?
The answer to this question is yes. If you don’t feel that any services are being provided for PCI Compliance, get a new credit processor that does. If your site is non-compliant, learn how to change that. If you’re being charged for monthly scans or insurance, ask the processor to remove those services or check into them to see if they are actually worth it.
Overall, PCI Compliance is just a buzzword for slipping in a few extra fees; however many companies are genuinely trying to make your online store more secure. If you have any questions about PCI Compliance fees, let us know in the comments section below.
Feature image curtsey of Paul Maeda