Payment Processing · January 6, 2026 · 4 min read
Last updated April 25, 2026

PCI Compliance for Small Businesses: What You Need to Know (And How to Stop Paying Non-Compliance Fees)

PCI compliance is required for every business that accepts cards. Here's what it actually means and how to stop your processor from charging non-compliance penalties.

By Linda P.


If you accept credit or debit cards, you're required to be PCI DSS compliant. PCI DSS (Payment Card Industry Data Security Standard) is a set of security requirements designed to protect cardholder data.

Most small businesses don't know what PCI compliance involves — and many processors exploit that ignorance by charging $20–$100/month in "PCI non-compliance fees" for years.

What PCI Compliance Actually Requires

For most small businesses (fewer than 6 million card transactions per year), PCI compliance involves:

1. Completing an annual Self-Assessment Questionnaire (SAQ). This is a form that documents your security practices. For most card-present businesses using a processor-provided terminal, it's SAQ B or SAQ B-IP — relatively simple.

2. Maintaining basic security practices. Using strong passwords, keeping software updated, restricting access to payment data, and not storing card numbers on paper or in unsecured systems.

3. Quarterly network vulnerability scans (if applicable). Only required if you process transactions through internet-connected systems. Most brick-and-mortar businesses using standalone terminals are exempt.

The PCI Non-Compliance Fee Scam

Many processors charge a monthly "PCI non-compliance fee" — typically $20–$100/month — to merchants who haven't completed their annual SAQ. Some processors make the compliance process deliberately difficult or opaque to keep collecting this fee.

Over a year, that's $240–$1,200 in avoidable fees. Over a 3-year contract, it's $720–$3,600 — for a questionnaire that takes 20–30 minutes to complete.

How to Get Compliant

1. Ask your processor for your SAQ portal. Most processors provide an online portal where you can complete the questionnaire.

2. Determine your SAQ type. For most card-present businesses: SAQ B (standalone terminal, no internet connection) or SAQ B-IP (terminal connected via IP).

3. Complete the questionnaire honestly. It asks about your security practices — password management, physical access to terminals, data storage.

4. Submit and confirm. Once submitted, you're compliant. The non-compliance fee should stop.

Why PaySec Handles This Differently

PaySec doesn't charge PCI non-compliance fees. We help merchants complete their PCI compliance as part of onboarding — not as an afterthought that generates monthly penalties.

And with Network Offset Pricing, your processing costs approach zero regardless of PCI fees — because there are no processing fees to begin with.

Linda P. covers PCI compliance, payment regulations, and industry standards. A certified PCI Professional (PCIP) with experience at a qualified security assessor firm, she breaks down compliance requirements so small business owners can protect their customers and their bottom line.

