Negotiable
$0 to $25/month + $99–$200 annual non-compliance fee

PCI Compliance Fee

A monthly or annual fee that processors charge to cover PCI DSS compliance support. It is often padded: many processors charge $10–$25/month for compliance you can self-attest in 20 minutes.

PCI DSS (Payment Card Industry Data Security Standard) compliance is required for every business that accepts cards. Most small businesses qualify for self-attestation via a short SAQ (Self-Assessment Questionnaire); for a Square or Stripe user, this is essentially automatic. Processors that charge $10–$25/month for 'PCI compliance' are usually providing minimal real service and treating the fee as a profit line.

What to do: Ask your processor in writing what the PCI fee actually covers. If the answer is 'access to a portal and an annual SAQ', you can usually get the fee waived or reduced. Some processors (Helcim, Dharma) charge no PCI fee at all. Others (legacy ISOs) treat it as standard padding.

Who charges it: Most legacy processors and ISOs charge it; some modern processors (Helcim, Dharma) do not.

Typical range: $0 to $25/month + $99–$200 annual non-compliance fee
