PCI Compliance Fees from Credit Card Processors
If you accept credit cards, you have probably seen a PCI compliance fee or PCI non-compliance fee on your processing statement. This guide explains exactly what these fees cover, which processors charge them, how to remove them, and when they are legitimate versus a junk charge.
What Is the PCI Compliance Fee?
The PCI compliance fee is a monthly or annual charge from your payment processor to cover the cost of their PCI compliance programme. This programme typically includes access to an online Self-Assessment Questionnaire (SAQ) completion portal, basic Approved Scanning Vendor (ASV) scanning access, and some level of compliance support documentation.
The typical PCI compliance fee ranges from $10 to $125 per month per Merchant ID (MID). This fee is separate from your transaction processing fees and is usually listed as a line item on your monthly processing statement. Some processors bundle it into their monthly service fee, making it less visible.
It is important to understand that paying the processor PCI fee does not make you PCI compliant. The fee provides tools and access to help you achieve compliance, but you still need to actually complete the SAQ, implement the required security controls, and submit your Attestation of Compliance (AOC). Many small business owners mistakenly believe the fee alone covers their PCI obligations.
Important Distinction
The processor PCI fee ($10 to $30 per month) is not your total PCI compliance cost. Actual compliance requires completing an SAQ, implementing security controls, and potentially quarterly scanning and annual penetration testing. See the full cost overview for total compliance costs by merchant level.
PCI Compliance Fee vs PCI Non-Compliance Fee
Many merchants are confused by two different PCI-related charges that appear on their processing statements. Understanding the distinction is critical because the non-compliance fee is usually removable while the base compliance fee is not.
PCI Compliance Fee
$10 - $30/month
- Charged for being enrolled in the processor's PCI programme
- Covers access to SAQ portal and basic scanning
- Generally not removable while you use the processor
- May be negotiable for high-volume merchants
PCI Non-Compliance Fee
$20 - $100+/month
- Penalty for not completing your SAQ through the processor portal
- Charged in addition to the base compliance fee
- Removed by completing your annual SAQ
- Often the charge that triggers merchants to search for answers
The most immediate action most merchants can take is to complete their SAQ through the processor's compliance portal. This removes the non-compliance surcharge and typically takes 30 minutes to 2 hours for SAQ A merchants. Contact your processor for portal access details if you do not already have login credentials.
Processor PCI Fee Comparison
PCI fees vary significantly between processors. Some charge $10 per month with genuine compliance tools included. Others charge $75 per month with minimal value. Several modern payment platforms charge no PCI fee at all. Here is a comparison of major processors and their PCI fee structures as of 2026.
| Processor | Monthly PCI Fee | Non-Compliance Fee | SAQ Tool | Notes |
|---|---|---|---|---|
| Worldpay (FIS) | $19.99 - $30/month | $19.99 - $30/month | Included | Fee varies by merchant agreement. SAQ completion through their portal removes the non-compliance fee. One of the most common processor PCI fees merchants encounter. |
| Elavon | $49.99 - $74.99/month | $19.99 - $49.99/month | Included | Higher than average PCI fees. Includes access to SecurityMetrics compliance portal. Some merchants report difficulty getting the fee reduced or waived. |
| First Data / Fiserv | $9.95 - $24.95/month | $19.95 - $39.95/month | Included | Fee structure varies significantly by merchant agreement and reseller. SAQ completion through TransArmor portal removes non-compliance charges. |
| Chase Merchant Services | $0 - $19.95/month | $19.95 - $39.95/month | Included | Some Chase agreements include PCI compliance at no additional fee. Others charge a monthly fee. Check your merchant agreement for specifics. |
| Heartland (Global Payments) | $12.95 - $25/month | $24.95 - $49.95/month | Included | Includes access to Heartland Secure compliance programme. P2PE-validated terminals may eliminate additional PCI fees. |
| Square | No PCI fee | N/A | N/A | Square handles PCI compliance as part of their service. Merchants using Square are covered under Square's PCI certification. No separate PCI fee charged. |
| Stripe | No PCI fee | N/A | N/A | Stripe maintains its own PCI DSS Level 1 certification and handles card data on their servers. Merchants using Stripe typically qualify for SAQ A (22 controls). |
| PayPal | No PCI fee | N/A | N/A | PayPal handles PCI compliance for transactions processed through their platform. Merchants using PayPal Checkout or hosted buttons have minimal PCI obligations. |
| Clover (Fiserv) | $0 - $15/month | $29.95/month | Included | PCI fee varies by Clover plan. Some plans include PCI compliance. Non-compliance fee applies if SAQ is not completed through the Clover Security portal. |
| Toast | Included in platform fee | N/A | N/A | Toast handles PCI compliance as part of their restaurant POS platform. No separate PCI fee. Toast maintains its own PCI certification. |
Are PCI Fees Legitimate?
The answer depends on what your processor actually provides for the fee. Some PCI fees are genuinely valuable. Others are essentially a surcharge with minimal compliance benefit.
Signs of a Legitimate PCI Fee
- Full SAQ completion portal with guided workflow
- Quarterly ASV scanning included in the fee
- Access to compliance support (phone or email)
- Breach protection insurance or warranty included
- Clear documentation of what the fee covers
Signs of a Junk PCI Fee
- No compliance portal or SAQ tools provided
- Fee appears on statement but processor cannot explain what it covers
- No mechanism to complete SAQ and remove non-compliance charges
- Fee increased without notice or explanation
- Processor charges PCI fee but uses a third party with an additional fee
How to Remove or Reduce PCI Fees
While you may not be able to eliminate the base PCI compliance fee entirely, there are several strategies to reduce your total PCI-related processor charges.
Complete your SAQ through the processor portal
This is the most immediate action. Completing the annual SAQ removes the non-compliance fee, which is often the larger of the two charges. Log into your processor's compliance portal (call them for credentials if needed) and complete the questionnaire.
Ask for an itemised breakdown of what the fee covers
Request a written explanation of what services the PCI fee includes. If the processor cannot explain the fee or does not provide genuine compliance tools, you have leverage to negotiate.
Negotiate the fee directly
Many processors will reduce or waive the PCI fee for long-term merchants, high-volume accounts, or merchants who have completed compliance through an alternative provider. It never hurts to ask.
Consider processors with no PCI fee
Stripe, Square, PayPal, and Toast do not charge separate PCI fees. If the PCI fee is a significant portion of your processing costs, switching processors may be the most cost-effective solution.
Use a third-party compliance platform
If you achieve PCI compliance through an independent platform (such as SecurityMetrics, Sprinto, or similar), some processors will accept your Attestation of Compliance and waive their compliance programme fee.
Processor PCI Fees vs Actual Compliance Costs
The monthly processor PCI fee covers only a small fraction of your total PCI compliance obligation. Many merchants confuse the processor fee with total compliance cost. Here is how they compare for a typical Level 4 merchant.
Processor PCI Fee
- Monthly enrolment: $10 to $30
- Annual total: $120 to $360
- Covers: SAQ portal access, basic scanning
- Does not cover: remediation, pen testing, SIEM, training
Actual PCI Compliance Cost (Level 4)
- SAQ completion: $50 to $5,000
- ASV scanning: $400 to $1,500/year
- Security training: $200 to $1,000/year
- Remediation: $500 to $5,000 (Year 1)
- Total: $1,000 to $10,000/year
For a full breakdown of actual compliance costs, use the PCI compliance cost calculator. To understand what real non-compliance penalties look like (as opposed to processor surcharges), see the penalties and fines breakdown.