PCI compliance fees are charges that payment processors bill to merchants to cover the costs associated with maintaining compliance with the Payment Card Industry Data Security Standard (PCI DSS). This standard, established by the major card networks (Visa, Mastercard, American Express, Discover, and JCB), sets the security requirements that all businesses accepting card payments must follow to protect cardholder data from theft and fraud. In 2026, with PCI DSS v4.0 now fully in effect, understanding PCI compliance fees and your obligations as a merchant is more important than ever.
What PCI Compliance Fees Cover
Most payment processors charge a PCI compliance fee, which typically ranges from $79 to $120 per year or $6.95 to $12.95 per month. This fee is intended to cover the processor’s costs for providing PCI compliance tools and support, including access to self-assessment questionnaires (SAQs), vulnerability scanning services, breach protection insurance, and educational resources to help merchants understand and meet their PCI obligations. Some processors bundle these services into the compliance fee, while others charge for them separately.
It is important to distinguish between the PCI compliance fee and the PCI non-compliance fee. If a merchant fails to complete their annual PCI self-assessment or maintain compliance, many processors charge a monthly non-compliance penalty, typically ranging from $19.95 to $49.95 per month, until the merchant becomes compliant. These non-compliance fees can add up quickly and are entirely avoidable by simply completing the required annual self-assessment questionnaire through your processor’s compliance portal.
PCI DSS Compliance Levels
PCI DSS categorizes merchants into four levels based on annual transaction volume. The thresholds are set by each card brand; the figures here follow the Visa definitions that most processors apply. Level 1 applies to merchants processing over 6 million card transactions per year and requires a formal annual on-site assessment by a Qualified Security Assessor (QSA) plus quarterly network vulnerability scans. Level 2 covers merchants processing 1 to 6 million transactions and requires an annual self-assessment questionnaire and quarterly scans. Level 3 applies to merchants processing 20,000 to 1 million e-commerce transactions, and Level 4 covers merchants with fewer than 20,000 e-commerce transactions or up to 1 million total transactions annually.
Most small businesses fall into Level 4, which requires completing an annual Self-Assessment Questionnaire (SAQ) and may also require quarterly external vulnerability scans by an Approved Scanning Vendor (ASV), depending on how the business accepts payments. The SAQ type likewise depends on the payment channel: merchants using a hosted payment page or a standalone terminal may qualify for a shorter, simpler questionnaire than those with more complex payment integrations, because less of their environment is in scope.
PCI DSS v4.0 Changes in 2026
PCI DSS v4.0, which became mandatory in 2025, introduced several important changes that affect merchants in 2026. The updated standard places greater emphasis on continuous security rather than point-in-time compliance, strengthens authentication requirements (including broader use of multi-factor authentication), raises encryption requirements, and introduces more flexibility in how merchants can meet security objectives through the new customized approach. Businesses should work with their processor to ensure their compliance documentation and security practices align with the v4.0 requirements.
One significant change is the increased focus on tokenization and encryption as methods for reducing PCI scope. Merchants that use payment solutions where cardholder data never touches their own systems, such as hosted payment pages, point-to-point encryption (P2PE) terminals, or processor-managed POS systems, keep those systems out of the cardholder data environment, which significantly simplifies their compliance requirements and reduces both their risk and their compliance costs.
Are PCI Compliance Fees Negotiable?
PCI compliance fees are one of the many line items on a merchant processing statement that can vary widely between providers. Some processors include PCI compliance tools and support at no additional charge as part of their standard service offering. Others charge annual or monthly fees that may be negotiable, especially for merchants with higher processing volumes or those willing to sign longer-term agreements. When comparing merchant account providers, always ask about PCI-related fees and what services are included.
Be wary of processors that charge excessive PCI fees or that impose large non-compliance penalties without providing adequate tools and support to help merchants become compliant. A reputable payment processor should make it easy for merchants to complete their annual self-assessment and should provide clear guidance on maintaining PCI compliance. If your processor charges PCI fees but does not provide meaningful compliance support, that is a red flag that you may be overpaying for a fee that provides little value.
