Many businesses that accept credit cards wonder what the PCI compliance fee is and why they have to pay it. It all starts with the information that a retailer gains when a customer purchases a product or service using their credit or debit card to pay for the transaction. The thin black strip on the back of the cards holds sensitive information that can be used to defraud the card holder if a criminal gets hold of that information. A merchant must take steps to ensure that all personal information collected from a customer is kept safe and away from those who intend to do harm to others.
There have been some notable data breaches over the past few years, like what happened at TJX Companies – the parent company of the T.J. Maxx and Marshalls department stores. Over a 16-month period, thieves hacked into TJX’s computer system and stole information from over 45 million cards. This caused serious problems for the company and its customers, and addressing the damage caused by the breach ended up costing a lot of time, money and effort.
Employees of businesses have also been known to steal this type of information. All they need is to gain access to credit and debit card receipts so they can purchase items using someone else’s card number. These types of incidents have increased with the proliferation of these cards. The major credit card companies like Visa, MasterCard, American Express and others developed guidelines that a business must follow to protect customer information. Failure to abide by these guidelines can result in the credit card companies deciding to discontinue doing business with a non-compliant company.
Many business owners know they should keep information safe, but many have no idea why they are also being charged a PCI compliance fee.
These fees are charged for basically three reasons: education, non-compliance, and insurance.
Many credit card processing companies spend time working with business owners to make sure they understand what is required and how to meet those requirements. Some will add a fee to cover the cost of this educational component.
Businesses that do not show they are in compliance are also susceptible to being charged fees. This is generally done to remind the owners that they should take the time to fulfill the requirements. This portion of a fee could disappear once they have certified with the processors that they have taken appropriate action to protect their customers’ information.
A third component of some fees is insurance to help cover any breaches. The TJX breach ended up costing well over a quarter of a billion dollars. This is a cost many businesses cannot afford to absorb and still survive. The insurance will not cover breaches where the company was involved in the criminal activity.
The fees can be charged either monthly or annually. The fees range from five to 15 dollars per month to over 99 dollars per year.