As a merchant, you probably already have some familiarity with PCI compliance. PCI DSS (the Payment Card Industry Data Security Standard) is a set of rules that every organization storing, processing or transmitting cardholder data must follow to reduce the risk of a data breach. Its requirements fall into broad goals such as maintaining a secure network, protecting cardholder data, and implementing strong access control measures.
PCI requirements can be complicated, and what you must do depends on your merchant level, which the card brands assign based on how many transactions you process each year. Many of the required controls will already be handled by your payment processing provider, but some steps you must take yourself. It is important to understand your obligations under PCI rules and how your payment processor handles PCI compliance. Otherwise you may face not only PCI compliance fees from your processor but also PCI non-compliance fees, which are easy to avoid.
How Payment Processors Handle PCI Compliance
Merchant services providers handle PCI compliance in many ways. What you get depends on whether your provider offers PCI compliance services at all and whether you are charged a fee for them. If you are an experienced merchant and comfortable handling PCI requirements yourself, you may choose a provider that offers no PCI services and charges no fees. Most merchants prefer working with a processor that provides PCI compliance services, for greater protection and reduced liability.
If you do decide to pay a fee for PCI compliance, make sure you understand what you are getting. The PCI compliance fee is not standardized, and the guidance and support behind it vary widely. Some processors even charge PCI compliance fees without providing any extra value to merchants. At Host Merchant Services, every account includes a PCI Compliance Assessment Survey as well as live support, the required PCI compliance network scans, and step-by-step help to ensure your business is compliant.
What Is a PCI Non-Compliance Fee?
As a merchant, you have responsibilities for keeping your business PCI compliant even if your processor offers PCI compliance services. If you fail to meet them, some processors charge what is known as a PCI non-compliance fee. This avoidable and costly fee is often $20 or more per month. Companies that enforce the fee typically use it as a commission for agents and as a way to punish merchants for a mistake.
One of your most important requirements as a merchant is completing a Self-Assessment Questionnaire (SAQ) every year. Which SAQ applies depends on how you accept payments; the questionnaire covers the type of merchant you are, the payment channels you accept, the locations and facilities where cards are handled, the vendors you use, and whether each applicable requirement is in place. If you have an eCommerce business, or any other Internet-facing systems in scope for cardholder data, you will also need to show evidence of a passing quarterly external vulnerability scan performed by a PCI SSC Approved Scanning Vendor (ASV). A scan passes only when no vulnerability rated CVSS 4.0 or higher is found on the in-scope systems, so a failed scan must be remediated and re-scanned within the same quarter to stay compliant.
At Host Merchant Services, we never charge PCI non-compliance fees. We believe the better approach is guiding merchants through becoming PCI compliant, which gives greater security and protection to all parties in a transaction. To ensure your business meets PCI requirements, we provide comprehensive assistance with every aspect of PCI compliance, including help with the SAQ and the required network scans.