PCI DSS Compliance Charge On My Merchant Statement?
Posted on Thursday, May 08, 2008
Most merchants gave up trying to read their monthly credit card processing statements a long time ago because of how unbelievably complex most providers choose to make them.
Merchants who do occasionally look at them may be surprised to see a new 'PCI DSS Compliance' fee in the amount of $4 to $20 per month. This fee is a bit perplexing to me because the merchant account provider, in all the cases I'm familiar with, is not actually providing any product or service to the merchant related to PCI DSS Compliance.
If a merchant gets breached, the Card Associations fine the acquirer and then the acquirer passes the fine down to the merchant. So while the Card Associations have put the responsibility on the processors to make sure that their merchants are compliant, the merchant is ultimately responsible for becoming compliant and paying the fines if breached. So why again are merchant account providers charging businesses this fee?


Comments
Jen said on Friday, July 11, 2008:
Call your bank and ask them to remove this fee... that is what you pay your % of each transaction... Annual fee... etc.
They will remove it. Just ask!
Rob Core said on Tuesday, August 05, 2008:
Bryan,
Excellent post! I have directed many of my merchant customers to your site for your very good, plain English explanations of how things work in the merchant industry.
I work for a company that has been taking a very aggressive approach to PCI and compliance, and we do charge our customers an $11 monthly fee. For that, they get the services of Security Metrics, a great company that will assist with the PCI questionnaire and will scan up to 10 IP addresses at least 4x a year (merchants can request daily scans if they like, for no additional charge), as well as full network scans. They also get unlimited phone support (some companies are including either limited time or a limited number of calls in their service plans). We are also partnering with our merchants to explain PCI upfront, so they know and understand fully what their rights, responsibilities, and obligations are under these regulations.
We also have an in-house team that works with merchants for all aspects of security, including PCI.
Thanks again for all the great information.