Merchant Account PCI Non-Compliance Fee Explained:
What is a PCI Non-Compliance Fee?
A PCI Non-Compliance Fee is a fee charged by merchant account providers to merchants who have failed to validate that they are in compliance with the Payment Card Industry Data Security Standards Council’s (PCI DSS) security requirements for their business type. PCI DSS is an organization created and controlled by the major U.S. card networks to oversee and implement data security policies within the card processing industry. Contrary to what merchant account providers often claim, the U.S. Government has no involvement in PCI Compliance.
Merchants who accept credit cards are usually required to verify on a quarterly or annual basis that their business operates in compliance with PCI standards. Some merchant account providers sell products that are inherently PCI-compliant, saving their merchants the trouble of completing the required PCI self-assessment questionnaire. Others charge PCI Compliance Fees to their merchants in exchange for providing tools or resources for maintaining PCI compliance. If merchants do not verify that they are PCI compliant by their credit card processor’s deadline, the processor will charge a PCI Non-Compliance Fee each month until the merchant completes the necessary PCI validation.
An Exclusively Punitive Fee
PCI Compliance Fees are usually charged to merchants to cover the provider’s internal costs of maintaining compliance. PCI Non-Compliance Fees, on the other hand, are exclusively charged as a negative incentive for merchants to maintain compliance. In other words, they are punitive and unrelated to any costs incurred by the merchant. In addition, many merchants are not properly notified or educated about their PCI compliance obligations, which results in confusion about why they are being charged for non-compliance.
If you are being charged a PCI Non-Compliance Fee, you should contact your merchant account provider to determine what you need to do to validate that you are maintaining PCI compliance. You may also be able to demand a refund of the fee if you were not properly notified of your PCI compliance obligations, or if you have been charged a PCI Compliance Fee despite the fact that your provider has not assisted you with PCI compliance at all.