Advertiser Disclosure

PCI Compliance Fees: A Fair Processing Charge Or A Junk Fee?

Advertiser Disclosure: Our unbiased reviews and content are supported in part by affiliate partnerships, and we adhere to strict guidelines to preserve editorial integrity.

Merchant services providers are notorious for tacking on all kinds of additional fees for their services, often not disclosing them during the sales process and leaving it to merchants to find them buried somewhere in the pages and pages of fine print that make up their contracts. One fee that raises a lot of questions from merchants is the PCI Compliance Fee. What is the fee for? What services does the provider offer in exchange for it? Most importantly, is there any way to get out of paying it?

In this article, we’ll discuss PCI compliance, why it’s important, and how your merchant services provider treats it. We’ll look at the numerous ways in which providers charge (or don’t charge) for PCI compliance services, and what kind of services you’ll receive. We’ll also discuss the dreaded PCI non-compliance fee, and how you can avoid ever having to pay this fee. Check out our merchant account comparison chart to get the full picture on fees—including PCI fees—from some of the best payment processors in the industry.

Our Top Picks For Credit Card Processing

PCI Compliance

Let’s start with the basics. PCI compliance refers to compliance with data security standards set out in the Payment Card Industry Data Security Standard (PCI DSS). These standards are designed to ensure that your customers’ credit card data is handled safely and securely, with the goal of minimizing any chance of a data breach by hackers or other criminals. Compliance with PCI DSS standards is required by the credit card associations (i.e., Visa, MasterCard, etc.), but enforcement is generally left up to the individual processors.

Want a merchant account with no PCI compliance fees? Go with Fattmerchant

Requirements for being PCI compliant are complex and vary widely from one business to the next. For example, a retail-only business that doesn’t use a payment gateway might have relatively few requirements to meet. At the same time, an eCommerce business that processes all sales over a payment gateway and uses a customer information database to store customer payment method information would have far more extensive requirements. Unfortunately, merchant services providers don’t always take these distinctions into account when setting PCI compliance fees, preferring to charge all merchants the same fee regardless of their actual compliance needs.

The credit card associations have divided businesses into four levels of risk based on how many transactions they process annually. To figure out which risk level your business falls under, check out our article Determining Your Merchant Risk Level for PCI Compliance. Most small businesses will fall under Level 4, which is defined as “Merchants processing less than 20,000 Visa e-commerce transactions annually and all other merchants processing up to 1 million Visa transactions annually.” You’ll also want to review our Quick Guide To PCI DSS Compliance For Small Merchants (Level 4), which goes into more detail about the specific actions you’ll need to take to attain PCI compliance.

While many of the required actions are accomplished by your provider, there are also some actions that you will have to perform yourself. For most merchants, the most important action you’ll need to take is to complete the Self-Assessment Questionnaire (SAQ). This questionnaire needs to be updated on an annual basis, and failure to accomplish it is perhaps the most common reason for merchants to be charged a PCI non-compliance fee by their providers.

The PCI Security Standards Council (PCI SSC) publishes several different forms of the SAQ for different types of businesses. These forms are described on their website, which also includes links to instructions and documents you’ll want to refer to when filling out the SAQ. For more details on PCI compliance requirements, please see our article Everything You Need to Know About PCI DSS Compliance.

How Processors Treat PCI Compliance

There are a number of different ways your merchant services provider can approach PCI compliance, and it seems like every provider does it differently. These approaches involve two variables: 1) whether your provider offers any services for PCI compliance, and 2) whether your provider charges you a PCI compliance fee. This results in four possible approaches to PCI compliance, and we’ve found all four methods being used throughout the processing industry. These four possible approaches include the following:

  • No fee charged, no services provided: Under this approach, your provider basically leaves PCI compliance up to you. You won’t be charged a PCI compliance fee, but you won’t receive any services to help you maintain compliance, either. This approach works best for experienced merchants who are comfortable handling their own PCI compliance requirements.
  • No fee charged, services are provided: This approach is the most popular with merchants, for obvious reasons. You receive at least some services that help you maintain PCI compliance, but you don’t pay a separate fee for them. One of our favorite providers, Helcim (see our review) uses this approach. Of course, nothing is ever really free in the processing industry, and in most cases, providers using this approach are actually bundling the PCI compliance fee with your monthly account fee.
  • Fee charged, services are provided: This is the most common approach used by providers. You’ll have to pay a fee, but you’ll receive PCI compliance services in exchange for that fee that help to keep you compliant. As long as the cost is reasonable, and the services provided actually help to keep your account secure, this is a fair and sensible approach.
  • Fee charged, no services provided: Unfortunately, there are some unscrupulous providers out there that will gladly charge you a PCI compliance fee, but don’t offer any services in exchange. Not only are you on your own when it comes to maintaining compliance, but you’re also being ripped off by having to pay a “junk” fee that doesn’t provide anything other than increased profits to your provider. Obviously, we recommend that you steer clear of providers that utilize this approach.

If your provider does charge a PCI compliance fee, it will be billed on either an annual or monthly basis. Most providers seem to prefer to charge a yearly PCI compliance fee. While this might, in some cases, result in a lower overall cost than a monthly fee, it also has a distinct disadvantage. If you close your account after you’ve paid your annual fee, there’s usually no proration, and you won’t receive a refund on the unused portion of the fee. Providers that require long-term, multiyear contracts typically charge an annual fee, while those offering month-to-month billing with no long-term contract more frequently charge a monthly PCI compliance fee. While the amount charged for PCI compliance can vary wildly, the industry average is around $120.00 per year. As noted above, providers that offer PCI compliance services, but don’t charge a discrete fee for them usually include the cost of providing those services in your monthly account fee.

Save yourself $120 per year and get a merchant account with no PCI compliance fees at Fattmerchant

Unfortunately, sales representatives for merchant services providers commonly fail to disclose the existence of a PCI compliance fee when selling merchant accounts. You’ll want to bring this issue up when negotiating the terms of your account. You should also review your contract documents to determine whether a PCI compliance fee is charged, and how much it will cost you.

PCI Compliance Services

If you’re going to have to pay a PCI compliance fee, it’s only reasonable that you should receive something of value in return. One common misconception about PCI compliance fees is that payment of the fee means that your provider will ensure that your account is fully compliant, and you don’t have to do anything. Unfortunately, this simply isn’t true. While robust PCI compliance services can take care of the more technical aspects of compliance, at a minimum, you’ll still have to complete the Self-Assessment Questionnaire (SAQ) and keep it updated.

Most PCI compliance services offered by providers fall into one of the following three categories:

  • Security scans: This is the most basic compliance service your processor can provide you with, and it’s essential that it be included if you’re paying a PCI compliance fee. Security scanning services thoroughly check all aspects of your processing system, including your website, server, payment gateway, and any connected terminals or POS systems for viruses, Trojans, malware, and other potential security threats. Scans are required to be conducted on a quarterly basis, although some providers will scan your system every month.
  • Data breach insurance: This is insurance that will reimburse you for any losses or claims resulting from a breach where your customer data is hacked or stolen. Data breach insurance is subject to policy limits and a number of exclusions, so there’s no guarantee that the insurer will accept your claim if you suffer a breach. You’ll want to review your insurance policy to determine what specific incidents it will or will not cover. While the possibility of a denied claim can make this type of insurance seem like a waste of money, it’s certainly better than not having any insurance against a breach at all. Data breach insurance is particularly important for eCommerce merchants. One of our highest-rated providers, CDGcommerce (see our review) offers $100,000 in data breach insurance as part of its optional cdg360 security package. At $15.00 per month, it’s a worthwhile investment.
  • Customer education and assistance: This is perhaps the most nebulous, but also most important, compliance service your provider can offer. What you want – and what some providers offer – is an in-depth knowledgebase to educate you about PCI compliance requirements and proactive assistance where your provider will contact you immediately if they detect anything amiss regarding your account’s security. Unfortunately, some providers offer only minimal services in this area, while still charging you a full PCI compliance fee. Beware of providers that offer just a minimal FAQ on PCI compliance or are quick to start charging you a PCI non-compliance fee without notifying you that your account is out of compliance.

PCI Non-Compliance Fees

A PCI non-compliance fee is nothing less than a fine or penalty for failing to keep your account compliant with PCI DSS standards. It’s only imposed if you, the merchant, have neglected to do something on your end to keep your account compliant. Failure to complete or maintain the Self-Assessment Questionnaire (SAQ) is the most common reason for a PCI non-compliance fee to be imposed.

The biggest problem with the PCI non-compliance fee is that it doesn’t do anything to rectify the situation or bring your account into compliance. Your provider doesn’t offer any additional services for this fee, and as such, we consider it to be a “junk” fee. Unfortunately, your provider may impose a PCI compliance fee without notice to you, and they’ll continue to charge this fee every month until you bring your account back into compliance. PCI non-compliance fees vary from one provider to the next, but the industry average is about $20.00 – $30.00 per month.

As much as we don’t like this fee, the fact is that almost all merchant services providers will charge you a PCI non-compliance fee if you fail to keep your account compliant. This includes highly-rated providers such as Helcim (see our review) that don’t charge a PCI compliance fee. However, unlike most providers, Helcim will usually notify you if your account becomes non-compliant, and they’ll give you a 90-day grace period in which to rectify the situation before they start charging the fee. Unfortunately, most other providers won’t notify you at all, and will just start charging the extra fee until you notice it and bring your account back into compliance on your own. This is yet another reason why you need to carefully review your merchant account statement every month.

Can you be charged for both PCI compliance and non-compliance at the same time? Of course you can! In fact, if your provider charges you for PCI compliance and your account becomes noncompliant, you’re guaranteed to end up paying both fees simultaneously until you fix the problem. The bottom line on PCI non-compliance fees is that they’re easily avoided simply by keeping your account compliant. As long as you review your requirements and make sure you’re meeting them, you should never have to pay this fee.

Final Thoughts

Needing to maintain PCI compliance requirements is an inevitable part of having a merchant account. You’re going to have to meet those requirements regardless of how much (or how little) assistance you receive from your provider. Because PCI compliance policies and fees vary so much from one provider to another, you should carefully research your provider’s approach to PCI compliance before you sign up for an account. As we’ve noted, paying a reasonable PCI compliance fee is entirely acceptable as long as your provider is offering some actual services to keep you compliant. The situation you want to avoid is one where you’re being charged a PCI compliance fee, but aren’t receiving any compliance services.

It’s also critically important to review your contract thoroughly before you sign up with a new provider. While this is good advice in general, it’s particularly important in determining whether you’ll be liable for PCI compliance or non-compliance fees, and how much they’ll cost. As we’ve noted, sales representatives generally don’t disclose these fees unless you specifically ask about them first.

Of course, merchants also want to know if there’s any way to get out of paying for PCI compliance services. In most cases, the answer is no. PCI compliance fees are a standard feature of most merchant account contracts, and they generally cannot be waived by your sales agent. The exception to this rule is when your provider charges a “junk” compliance fee without providing any services. In this case, your sales agent may be willing to drop the fee to get you to sign up, as they won’t be providing you with any services regardless of whether you pay the fee or not.

Our Top Picks For Credit Card Processing

Frank Kehl

Frank Kehl

Frank Kehl has been writing about merchant services, payment gateways, and international money transfer services since 2015. He has a Bachelor of Science degree from Penn State and a Juris Doctorate from the Ventura College of Law. After a long and enjoyable career of traveling around the world as an Air Force navigator, he’s comfortably settled down in the wine country town of Paso Robles in California’s scenic Central Coast region. He enjoys reading, photography, hiking, and numerous other outdoor pursuits.
Frank Kehl
Leave a comment


Responses are not provided or commissioned by the vendor or bank advertiser. Responses have not been reviewed, approved or otherwise endorsed by the vendor or bank advertiser. It is not the vendor or bank advertiser's responsibility to ensure all posts and/or questions are answered.

    Afshan Shahid

    My second complaint against Payment Sense is that they have been charging me GB 35 per month for PCI non-compliance fee. Isn’t it a rip off? Is there any cap on this? Worldpay used to charge me only 10 pounds for this negligence on my part. Is there any forum where I can lodge a complaint for reduction of this exorbitant PCI non-compliance fee?

      Jessica Dinsmore

      Hi Afshan,

      I have not seen any complaint forums for PaymentSense, though you could leave a review on TrustPilot, but they do list the fee in their FAQ’s and they have their own internal complaint process that you can submit to, if you’d like.

        Afshan Shahid

        I am dealing with Payment sense. Recently they took out GB 174 from my account as DD without my information. It put me in an embarrassing position when my debit card was declined for insufficient funds for purchase of an air ticket. When I asked for explanation, they said they had “upgradd” me from Viewmylocal to Plus by PaymentSense. Honestly I never knew what was Viewmylocal programme and what this new upgraded plan is . Their contention that they had informed me about this change 10 months ago is not tenable.How they entered me in the original without my consent;upgrading me to Plus is similarly without my consent. Aren’t they under obligation to get express consent of the client for any such scheme instead of merely saying “we informed you last May”?
        Upon my protest, they have deactivated my account but I am not satisfied with this practice of theirs. Is there any forum where I can lodge a complaint against them ? Specifically, no service provider should include the namrer of any client in any fee-paying scheme without his/her express consent.

          Glynne Davies

          I need help with a fine from intuit of 25000 ! Card association fine for brand damaging transactions
          What do I do???

            Jessica Dinsmore

            Hi Glynne,
            I’m so sorry you’re going through this. Try searching “PCI Compliance lawyer”. Best of luck to you.


              Thanks for the info. I found this page by doing a search for “Annual PCI Compliance Support fee”.

              My processor, Valtiv, is known to automatically opt you in to services they provide. A couple years ago I had to call and opt-out of a $90 charge for a RAAP fee, or as I call it a “rape” fee. I believe I had to do this two years in a row.

              Now I find myself in the same situation looking at my statement from last month. I’ve noticed a paragraph;
              “Vantiv is requiring minimum security standards to help merchants reduce risk and liabilities related to payment processing. You are being enrolled in the Omnishield Breach Assist Program at $24.95 per MID per month effective Aug, 1, 2016, which gives you access to breach assist and PCI tools and services. etc…”

              Really? If I didn’t look at my statement I’d be paying $299.40/yr for something I wouldn’t have even known I’d have access to. Seems pretty shady to me. Like I said, reminds me of the shenanigans they did a while back with the RAAP fee.

              The thing I’ve learned with this processor is to check my statements right when they come in the mail. I try not to set it aside, and try to open it and view the whole thing from front to back. I know they get shifty sometimes so I really want to keep myself on the ball here.

              I did a search and checked their website on how to opt-out of this $24.95/mn mystery fee and found a “Breach Assist Program Out-Out Form”. On the form it states that I opt-out of this fee but I do acknowledge and approve a “Annual PCI Compliance Support fee” of $50 per location per year capped at $150 per org. per year.

              I think I may have been paying that $50/yr in the past, so I believe it’s a normal fee. And after reading this page I suppose a PCI compliance “support fee” is normal. Because I do have access to a website “” and “” where I can log into the website and answer a questionnaire and become “compliant”. I’m not really sure if my “support” fee is covering this process or not. I just know it’s something I have to do every year.

              I just wanted to let everyone know how easily it is to get duped into paying unnecessary fees. These “automatic fee enrollment” tactics should be illegal.


                Alex Lahiri

                When it says “annual” fee, does it mean annual as in calendar year or is it annual per my contract? I started my contract with Total Merchant Services in August 2015 but they charged me $99 regulatory and security fee in December 2015 citing “annual” nature of the fees. Is this right?
                Furthermore, I was not made aware by my customer service rep that compliance can be completed over the phone. She sent me the form. I found some fields difficult to understand. I didn’t follow through with the submission (can you blame me for losing track as I was trying to direct all my attention towards the set up of my business?). So, I kept getting hit with $19.95 each month.

                  david victorson

                  I have been charged a compliance fee from Esquire Bank. I have no relationship with Esquire Bank on any level. I had my bank call the PCI company and they were unavailable to talk about the fee they mistakenly charged our bank account. I would like to report this to the controller of currency.

                    Kevin Mendizabal

                    It’s amazing how many regulatory violations are revealed in this article. The FTC and department of insurance in their respective states would have a field day handing out fines. A processor can’t sell insurance unless they are licensed to do so. What they are actually doing is indemnifying. If it is represented or “sold” as insurance, that when the regulators could come after them. The article makes a valid point though, if the insurance policy (that is actually owned by the processor) does not pay the claim….then what? As far as the merchant is concerned, they were told they have insurance by their processor or agent. Now the processor could be be held legally liable for those damages. For a large portfolio that could add up, and won’t be covered on their e&o insurance. More food for thought, anything labeled as breach or PCI insurance doesn’t cover any damages or liability whatsoever, so if a merchant is sued for damaged by his customers he is out of luck. More food for thought, the ISOs currently being investigated for engaging in insurance could possibly face jail time as some states classify this as a felony. Highly doubtful scenario, but that’s how the statutes are worded.

                      Ashish Tyagi

                      HI ,

                      Whats the fee for PCI DSS compliance for a PSP?

                        Chloe Bahal

                        Hi Ashish,

                        That information is something the PSP will know, so I would recommend contacting them and they will be able to give you more specific information. I hope this helps but if you have any further questions please let me know.


                          sounds like just another BS fee to be paid. Looks to me like the credit industry is making money on BOTH ends – again. Fees for NON compliance, as well as fees FOR compliance. I don’t know why I should PAY to prove to some faceless corporation that I can protect my customer’s data on my own computer. I only occasionally take credit card payments – seems to me like I should just STOP taking them and deal in cash or check only. Guess what? That would protect both my customers AND me, and all without some BS fee going into somebody’s corporate pocket.



                              Maribeth Bentivegna

                              I guess what I would like to know is, who’s pocket the fees are going into.

                                Maribeth Bentivegna

                                So it is the processors that inforce PCI compliance and assess non-compliant fees?


                                  I also, found out that for a whole year I’ve been charged $19.99 for not filling out the
                                  monthly questionnaire.
                                  Does that mean that every month we have to fill out a questionnaire, or is it a once a year
                                  We only use the debit machine and for the most part we only use it for 6 months out of the
                                  year. Do I have to fill it out when we don’t use it?
                                  Thank you, Karen

                                    Tom DeSimone

                                    Hi Karen,

                                    The PCI Self Assessment Questionnaire (SAQ) must be completed annually. Depending on your business, you may also need to perform quarterly system scans. An Attestation of Compliance must be completed annually too. For small businesses that use a third-party to handle the actual card data and storage, this process is very quick and easy (an hour or two of your time), and gets quicker and easier every year. There is nothing that you have to do on a monthly basis.

                                    Hope this helps,


                                      I have a small business with less then200 credit card transactions per year through the card terminal only.Security metric Company bother me every year as well as raise they fee to $170 .What I should do to stay PCI compline and not to pay this money?

                                        Tom DeSimone

                                        Hi Svetlana,

                                        See this page for information on determining your compliance. Depending on your business, maintaining compliance can be either very easy or very difficult. In some cases, it will make sense to pay a company like Security Metrics to help you with this. You might also consider talking to your merchant account provider to see if they have a less expensive option to help you maintain compliance. Otherwise, just check out the above link. It will direct you to the Self Assessment Questionnaires (SAQs). There is a document in there that will help you figure out which questionnaire you need for your business type.

                                        Good luck,

                                          Mike Lamm

                                          I am in the process of closing my account with my current processor. They have been charging me a annual fee of $95.00 and a monthly fee of $29.95 for the past 2 years. These fees are not listed on my monthly statement, I discovered them on my bank statement. Is this legal?

                                            Tom DeSimone

                                            Hi Mike,

                                            Those fees should definitely have been listed somewhere on your statements. They don’t always make the fee easy to find, but it’s almost always there. I’m not sure if there is a law against assessing charges without listing them, but I can tell you for sure that the industry standard is to always list all fees on monthly statements. Scheduled fees like PCI are usually listed toward the bottom.

                                            Now if the fee was not listed on the fee page of your contract, or elsewhere in the contract, then it is certainly not legal. But most processors are sneaky, not stupid. They work around laws to increase profits, but don’t generally blatantly break them. So my guess is that you won’t have a legal case against them.

                                            But, that said, the $29.95 monthly fee is probably a PCI non-compliance fee. You might have a chance of getting some of that money back, since it’s really just a penalty for not doing the PCI self-assessment. The annual $95.00 is less likely to be refunded. And anything older than six months is unlikely to be refunded in any case, unless it was a fee charged by mistake.

                                            If you can’t get this resolved through customer service, try the Better Business Bureau. It depends on who your processor is, but sometimes refunds are possible. I know how frustrating this sort of thing is. Non-disclosure of fees is entirely unethical. Please check out our best-rated providers when you’re ready to switch.

                                            Good luck and take care,

                                              Jesse James, Esq.

                                              My firm desires to file a Class Action Law Suit against World Pay for Florida consumers pursuant to Florida’s Deceptive and Unfair Trade Practices Act (FDUTPA) (F.S. §501.201). World Pay has been charging consumers with PCI Non-Compliance fees without employing adequate procedures to alert consumers of the need to become compliant. Additionally, World Pay has failed to adequately inform or notify consumers who end up being Non-Compliant that they are in fact being charged an additional fee each month for remaining out of compliance. World Pay has chosen to slip the Non-Compliance fee into its billing with the hopes that it will go undetected by busy small business owners for as long as possible. Small businesses have been charged with PCI Non-Compliance charges for several months without a single written notice or phone call to alert the owners of their non-compliance or the fact that they are even being charged an additional fee for being non-compliant. World Pay has employed a “catch me if you can” strategy in its practices and procedures regarding scamming consumers out of $19.95 per month for as long as they can keep it going. Once the issue is finally detected the small business have in most cases paid out hundreds of dollars in non-compliance fees. This usually occurs with business who pay their monthly payment through direct draft and the amount of $19.95 is so insignificant it goes undetected for several months before it is finally discovered. Once discovered the small business owner is left with a “to bad so sad” response and a suggestion that they should log into their online account more frequently because any notifications will only be found that way. Florida consumers who would like to participate in this proposed Class Action Law Suit should leave their information through the “contact us” link on our website.


                                                We are a startup tutoring services firm in Texas.
                                                We got stuck with a five year contract and have been told we cannot get out out of it unless we pay the full five year monthly fee.

                                                Beware of WorldPay!

                                                We were able to get our money back from the initial non compliance fee when noticed after three months.

                                                Today, we are receiving the notice that we will be slapped with a $169 dollar annual compliance fee beginning with our December statement.

                                                Hope this warns other merchants as to the predatory nature of WorldPay.
                                                Also, let me know if we can join the lawsuit you are filing in Florida.

                                                Thank you very much,

                                                  Ray H

                                                  I can assure you that if you are getting your monthly statements from iPayment you are being scammed for PCI. I even had the fees waived in my contract (along with other abusive fees) and they took the fees out of my bank account anyway. Tried to cancel the accounts and they ignored my requests. Finally had to put a stop payment on my account to force them to stop. Switch to Square and you will never have to deal with PCI or other charges. Their flat rate ends up saving hundreds of dollars per year by eliminating all the extra fees.

                                                    Kelly Thrall

                                                    Thank you for your article. I have been charged these fees for the last 19 months and have questioned my merchant services provider over and over. During the time I have been growing my business I have not been able to devote much time to learning about this more but now I am wondering if it’s possible that re-coop these fees for having been charged them. I know that may be a long shot but had I not found something on my account a month after starting my services, I would have been over charged another $10 a month. When I found the “other” compliance fee, that told me it was optional. When I signed up for the agreement, I was not told it was optional. Just feeling scammed and when you are a small business trying to get off the ground, the last thing you want is a bank already making millions taking your hard earned profit.

                                                      Tom DeSimone

                                                      Hi Kelly,

                                                      In my experience, providers will sometimes issue refunds for PCI non-compliance fees, but rarely for PCI compliances fees. This is because the compliance fees usually come directly from the processor (but not the credit card network), so the account provider often does not have the power or flexibility to refund those fees. Non-compliance fees are often not issued directly from the processor, so there is more flexibility. If you want to try to get a refund and aren’t having luck with your provider’s customer service, try going to the BBB with the complaint. They might be willing to give a partial refund.

                                                      Good luck!


                                                        Hi Tom,

                                                        we are small business in Canada. We received the letter from Elavon saying we are going to be charged PCI fee of $24.95 quarterly since November 2014. Actual fee process started in December and we saw it at the beginning of January. I was trying to get the information from Elavon what services they offer for the fee they charge us and if there is possibility to avoid this fee. Elavon said we need to contact the provider who is responsible for all the fees appearing on our statement. Of course we did. The company we have our agreement signed with said they have no power to control PCI fees. Who are we supposed to call? Who is going to answer our questions and reimburse us for the fee we have been charged? Is the PCI fee really necessary as we obtained Certificate of Validation and are aware of PCI Data Security Standards? Thank you!

                                                          Tom DeSimone

                                                          Hi Antonio,

                                                          That sort of runaround is really frustrating. You are unlikely to get any refunds for fees already paid, but you should be able to get the fee waived for the future depending on your business needs. If you are maintaining your compliance with another vendor, there is really no reason at all for you to pay this fee.

                                                          That said, your provider will not want to waive this fee for you. Elavon cannot waive the fee directly. You have to go through the provider who drew up the contract for you. They do have the power to waive a PCI fee, regardless of what they tell you.

                                                          You can make a case for yourself if you possess a current PCI compliance certificate from an approved PCI compliance vendor. You will also generally have to fill out a waiver waiving your rights to use your processor’s PCI compliance services. This can absolutely be done.

                                                          If they give you a hard time, I’d recommend that you either threaten to cancel your account or even just do cancel your account. There are plenty of providers who won’t charge you PCI fees, even other providers who use Elavon. Take a look at Helcim for instance. They use Elavon as their processor, but don’t charge any PCI fees ever. Unless you don’t complete the questionnaire, in which case you could be charged a non-compliance (non-action) fee. So maybe talk to Helcim to see if they can help you switch.

                                                          Good luck,


                                                            We switched to a new credit card company last year(march 2013) and this past month i noticed my rates where higher even tho our credit card amounts where the same. trying to figure out why, i printed all my statements and I was instantly pissed! I have been paying a non compliance fee for over 9 months and not one time was i notified by anyone about this. I called my sales rep and he told me that it is a required fee from Mastercard/visa(which is what he uses that as an excuse for every fee we get) and that i was contacted both by the credit card company and them (I gave him a few choice words for that, bc i never miss anything, and its hard to believe i would have missed two compliance notices)….anyways, I finally became complaint a couple days ago, but i am wondering also about the “annual fees” On top of being charged 19.99 a month on both of my accts, I was also charged a ” Regulatory/Complaince fee of $90 and a PCI complaince fee of $90. One was in march of this yr and may of this year. Isnt this the same fee??

                                                              Scott Ryals

                                                              I do maybe 20 transactions a year. I call them in verbally over the phone. Unless someone at the NSA taps my phone – what exactly is PCI doing for me? If I average the fee across the number of transactions I do per year the fee is sometimes more than the damned charge. From my point of view this is a stinking pile of bullsh*t.

                                                                Tom DeSimone

                                                                Hi Scott,

                                                                While the steps your processor takes to ensure PCI compliance are valuable to you, since you must remain PCI compliant as per the credit card network guidelines even if you only do telephone orders, I 100% agree with you that PCI fees are often just a way for processors to cash in. A merchant in your position should not be paying the $80+ annually that is the industry-standard for PCI compliance. In most cases PCI fees can be waived during contract negotiations, and many providers simply do not charge this sort of fee.

                                                                With a transaction volume that low, you might consider using a mobile pay-as-you-go processor. You don’t really need a full merchant account to do only a couple dozen transactions annually. Check out Flint, for instance.

                                                                Good luck!

                                                                  Frank Pulkownik

                                                                  I am being chargee $49.99 per month for non compliance fee. I need to call. Can I demand my money back?

                                                                    Tom DeSimone

                                                                    Hi Frank,

                                                                    $50 monthly for non-compliance is very steep. You should check your contract and fee schedule to make sure that amount is correct. Assuming it is in your contract, you can’t “demand” your money back legally, but you can certainly ask for it back firmly. If you explain that you were not aware of this fee and would like a refund, your provider will almost certainly offer a partial refund at least. Just for the sake of curiosity, may I ask who you use for processing?

                                                                      Dr Gina Delia

                                                                      Do you know anything about retriever credit card processing in NY. I tried to close my acct but it was auto renewed. I was told to close it someone must come to my office and I still can’t find out if there is a fee

                                                                        Dr Gina Delia

                                                                        What is the difference between PCI compliance service and Platinium PCI service which I pay 90.00 annually to Retriever


                                                                          Is there a fee to be compliant or can you D.I.Y and if there is a fee, is it payable annually??

                                                                            Amad Ebrahimi

                                                                            Dave, this really depends on the processor. Some of them charge an annual fee, some charge a monthly fee, and others don’t charge at all. As a rule, the monthly fee is usually for non-compliance. The annual fee is usually charged as a way to cover the processor’s costs for informing their customers and making sure they’re compliant.


                                                                              Thank you SO much for this article–very concise and very helpful. I run a very small business and am just starting the mobile credit card gig. Eeek. I’ve bookmarked this site as a must read.

                                                                                Pat Roche

                                                                                I was charged £30 per month for over 7 months before I printed off my statements for my tax return back in January…

                                                                                Yes, I had to fill out a form to become compliant and hopefully they have stoped charging me now (I haven’t gone back online to view my statements, too busy with getting the job done…)
                                                                                I did try to complain but they said they had advised their merhants on their web site…
                                                                                I strongly advise you to go on line now and review your statements and even if you haven’t been charged fill out the form!

                                                                                  J Curtis

                                                                                  Tank you so much for your article. I have noticed a charge of $99.00 on my statement for pci fees and now 19.95 per month.

                                                                                    Christine Roy

                                                                                    I just want to thank you for providing this information. My head is so filled with different companies’ junk info that I sometimes don’t know which end is up.

                                                                                    I am very much afraid of this venture of mine into the world of internet retail. I’ve already been scammed out of $300 and it is frightening to realize just how many deceitful companies there are out there. When a person is all alone in opening a store etc. it can be devistating to discover that you’ve been “duped” despite trying to research every little thing that has to be done just to open my virtual doors. Thank you again for information that is not self-serving.

                                                                                      Amad E.

                                                                                      No problem Christine, we’re glad to help. If you have any questions, you can always contact us directly.

                                                                                      Leave a Reply

                                                                                      Your email address will not be published. Required fields are marked *

                                                                                      Your Review

                                                                                      Comment moderation is enabled. Your comment may take some time to appear.
                                                                                      Please read the "User Review and Comment Policy" before posting.