A PCI non-compliance fee is a monthly charge that a payment processor adds to a merchant’s statement when the merchant has not completed the annual PCI DSS validation requirements. The fee typically ranges from $19.95 to $99.95 per month depending on the processor, and it continues to appear every month until the merchant completes the required self-assessment questionnaire and, if applicable, vulnerability scans. In 2026, with PCI DSS v4.0 fully in effect, the compliance landscape has become more complex and the fees more common.

What PCI Compliance Requires

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements maintained by the PCI Security Standards Council. Every business that accepts credit or debit card payments is required to comply with PCI DSS, regardless of size or transaction volume. For the majority of small merchants, compliance involves completing an annual Self-Assessment Questionnaire (SAQ), maintaining a secure card acceptance environment, and in some cases running quarterly external vulnerability scans conducted by an Approved Scanning Vendor (ASV).

PCI DSS v4.0, which became the mandatory standard in 2024 with all requirements enforceable by March 2025, introduced new requirements around multi-factor authentication, password policies, script monitoring for e-commerce pages, and expanded encryption standards. These changes mean that some merchants who were previously compliant under v3.2.1 may now need to take additional steps to validate under the current standard.

Why Processors Charge the Fee

The card brands (Visa, Mastercard, American Express, Discover) require acquiring banks to ensure that their merchants comply with PCI DSS. If a merchant experiences a data breach while non-compliant, the acquiring bank faces fines from the card brands that can range from $5,000 to $100,000 per month depending on the severity. The PCI non-compliance fee is the processor’s way of recovering some of the added risk it assumes when a merchant has not validated compliance, and it serves as a financial incentive for the merchant to complete the process.

Some processors genuinely use the fee to fund a PCI compliance program that includes free access to SAQ tools, scanning services, and breach insurance. Others simply charge the fee as additional revenue with minimal support. The difference between these two approaches is one of the clearest indicators of whether a processor is operating in the merchant’s interest.

Common Reasons Merchants Fall Out of Compliance

The most common reason is simply that the merchant never completed the annual SAQ, either because they did not know it was required or because they started the process and abandoned it. Many small business owners receive an email from their PCI compliance provider, assume it is spam or a sales pitch, and ignore it. Others find the SAQ confusing and give up partway through.

Another common scenario is that the merchant completed validation one year but did not renew it the following year. PCI compliance is not a one-time event; it must be revalidated annually. Merchants who change their card acceptance method, such as adding an online store to an existing retail business, may also need to complete a different (and sometimes more complex) SAQ than the one they previously filed.

How to Become Compliant and Stop the Fee

Contact your payment processor and ask which PCI compliance provider they work with. Most processors partner with a third-party service such as Sysnet, SecurityMetrics, or ControlScan that provides an online portal where you can complete the SAQ, run vulnerability scans if required, and submit your attestation of compliance. The process typically takes 20 to 60 minutes for a standard retail or e-commerce merchant.

Once you complete the SAQ and any required scans, the compliance provider reports your status to the processor, and the non-compliance fee should be removed from your next statement. If it is not, contact your processor and request a correction. Some processors will also refund one or more months of the fee retroactively once compliance is achieved.

When the Fee Is a Red Flag

While the PCI non-compliance fee serves a legitimate purpose, some processors abuse it. Watch for these signs: a fee that appears immediately after account setup, before the merchant has had a reasonable window to complete validation; a fee that continues even after the merchant has completed the SAQ; a fee that is significantly higher than industry norms (above $100 per month); or a processor that makes it unusually difficult to find or contact the PCI compliance provider. These patterns suggest the fee is being used as a profit center rather than a compliance tool.

The Bottom Line

The PCI non-compliance fee is avoidable. Completing your annual PCI self-assessment eliminates the fee, protects your business from the far greater financial exposure of a data breach, and keeps your merchant account in good standing. If you are currently paying this fee, the fastest path to removing it is to contact your processor, access the PCI compliance portal, and complete the questionnaire. It is one of the simplest ways to reduce your monthly processing costs.