(See also: PCI Compliance FAQs)
What are the Payment Card Industry (PCI) Compliance fees?
PCI compliance fees:
- PCI Annual Compliance fee
- If compliance requirements are not met, a monthly non-compliance fee is charged.
- Card Compromise Assistance Plan (CCAP) monthly fee: Optional if compliant and required if non-compliant.
Where are the PCI compliance fees described?
The PCI compliance fee assessments are stated in the first paragraph on page three of your Merchant Agreement.
When and how is the PCI Annual Compliance fee charged?
During the first week of February, your bank account is charged by ACH debit for PCI Data Security Standard (DSS) compliance. The charge also appears on your merchant statement at the end of the month. The PCI annual compliance fee should be viewed as an investment in reducing your exposure to a data breach.
What is the fee charge for?
The fee is an annual compliance fee that covers the operating costs of the PCI web portal as well as other features such as the quarterly scans. It is for the previous year of processing; you are not paying for the new year.
Can I get a refund for the annual PCI DSS compliance fee?
The PCI DSS compliance fee is non-refundable. It is stated in your Merchant Agreement, and all merchants are charged this fee annually. It is for the previous year of processing; you are not paying for the new year.
Why did the fee increase from what is stated on my Merchant Agreement?
The Terms and Conditions Amendment section of your Merchant Agreement states: "This agreement may be amended or modified effective upon thirty (30) days' written notice."
How do I answer the Self-Assessment Questionnaire (SAQ) to become compliant, and is it too late to do it this year?
It is not too late. The first step is to log into the SysNet portal.
What if I forgot my SysNet portal password?
First, find your credential email from SysNet, select the SysNet portal link in that email, and follow the instructions. The credential email contains a link with an auto-generated password, which you must change, and you must also answer security questions. If that does not work, call merchant services and confirm the email address on file for SysNet. Update the email address if necessary and request a password reset email.
What is the extra charge on my billing statement?
It is not an extra charge; it is billed only once a year. This is the PCI Annual Fee of $99.50, shown on the January merchant statement.
What is the Non-PCI compliance fee for?
The Non-Compliance Fee is assessed if you are not PCI compliant. It is a monthly charge, which includes:
- Penalty non-compliance charge
- CCAP fee
My previous processor said that as long as I am compliant I will not be charged this fee. Why are you charging me?
We fully disclose all fees to you. Each service provider makes its own determination of which fees to charge.
What is the really big charge on my bank statement?
This charge is most likely the PCI Annual Fee. It is charged once a year to your merchant account, and it is stated in your Merchant Agreement.
Why am I charged a PCI Annual Compliance fee when I am compliant?
The Annual Fee is charged on the statement for all merchants, regardless of compliance status (see "What is the fee charge for?" above for what it covers).
Do I need to verify PCI compliance for my business again if I did it last year?
PCI compliance must be verified annually, once a year. In addition, businesses that use the internet or wireless networks need a quarterly scan every 90 days; contact SysNet for details.
Why does Square not charge a PCI Annual Fee?
Square has higher rates that include PCI-related charges.
What if I decide not to verify PCI Compliance for my business?
If your business is non-compliant:
- You are charged a monthly non-compliance fee.
- You are required to remain enrolled in the CCAP for a monthly fee.
- In the event of a data breach or fraudulent transaction, you are held liable and will be responsible for any associated costs, including:
  - Forensic audit costs
  - Card replacement costs
  - Compliance fines
  - Costs associated with lost productivity
  - Costs associated with reputation damage
Why was I charged more than once?
You are charged the PCI annual fee for each account with a Merchant ID number. The PCI non-compliance fee is also assessed for each non-compliant account.
Why wasn't I notified about the PCI Compliance fees?
You are notified of the PCI compliance fees through statement messages only when there is a change to your account. You should already be aware of this fee because you agreed to it in your contract.
Do I have to answer the questions on the Self-Assessment Questionnaire (SAQ)?
Only you, or someone in your organization who knows your payment environment, can answer the questions. The SAQ consists of self-assessment questions designed to confirm that your environment is secure. A SysNet team member can explain the questions to help you understand how to answer them, and can walk you through the other steps in the process.
What are the penalties for non-compliance?
The payment associations may, at their discretion, impose fines of thousands of dollars for PCI compliance violations such as data breaches. An educational video detailing this information is available in the PCI Compliance section of the CPAY website.
How often does the SAQ need to be done?
The SAQ is required annually.