(See also: PCI Compliance FAQs)
What are the Payment Card Industry (PCI) Compliance fees?
PCI compliance fees:
- If compliance requirements are not met, a monthly non-compliance fee is charged.
- Card Compromise Assistance Plan (CCAP) monthly fee: Optional if compliant and required if non-compliant.
Can I get a refund for a PCI DSS compliance fee?
The PCI DSS compliance fee is non-refundable. It is stated in your Merchant Agreement, and all merchants are charged this fee monthly.
What if I forgot my Aperia portal password?
First, find your credential email from Aperia, select the link to the Aperia portal in that email, and follow the instructions. The credential email contains a link and an auto-generated password; you must change the password and answer the security questions. If that does not work, call merchant services and confirm the email address on file for Aperia. Update the email address if necessary, and request a password reset email if needed.
What is the Non-PCI compliance fee for?
The Non-Compliance Fee is assessed if you are not PCI compliant. No fee is charged if you are compliant.
Do I need to verify PCI compliance for my business again if I did it last year?
PCI compliance validation must be completed annually. In addition, a quarterly scan (every 90 days) is required for businesses that use the internet or wireless networks. Contact Aperia for details.
What if I decide not to verify PCI Compliance for my business?
If your business is non-compliant:
- You are charged a monthly non-compliance fee.
- You are required to remain enrolled in the CCAP for a monthly fee.
- In the event of a data breach or fraudulent transaction, you are held liable and will be responsible for any associated costs, including:
  - Forensic audit costs
  - Card replacement costs
  - Compliance fines
  - Costs associated with lost productivity
  - Costs associated with reputation damage
Why wasn't I notified about the PCI Compliance fees?
You are only notified of the PCI compliance fees through statement messages if there is a change to your account. You should be aware of this fee because you agreed to it in your contract.
Do I have to answer the questions on the Self-Assessment Questionnaire (SAQ)?
Only you or someone from your organization who knows your payment environment will be able to answer the questions. The SAQ has self-assessment questions designed to ensure your environment is secure. An Aperia team member can explain the questions to help you understand how to answer them and explain the other steps in the process.
What are the penalties for non-compliance?
The payment associations may, at their discretion, fine thousands of dollars for PCI Compliance violations such as data breaches. There is an educational video detailing this information on the PCI Compliance section of the CPAY website.
How often does the SAQ need to be done?
The SAQ is required annually.