PCI compliance fees, decoded
PCI compliance is required. The fee for it is not. Here's the difference.
✓Editorially reviewedReviewed by Sam Patel, Merchant services editorUpdated April 1, 2026How we make moneyMethodologyAdvertiser disclosure
Quick answer
$5-10/mo for PCI compliance is reasonable. $15+/mo is high. $20-50/mo for "PCI non-compliance" is almost always avoidable — log into your portal and complete the SAQ.
What it actually pays for
The legitimate version of a PCI fee covers your processor's compliance portal — the tool you log into to complete your Self-Assessment Questionnaire (SAQ), run quarterly external scans (if you take cards online), and document your security controls.
The junk version is the "PCI non-compliance fee" — a penalty charged automatically if you don't complete the SAQ within 90 days of opening your account. Many merchants never log in and pay this for years without knowing what it is.
Processors that include PCI free
FAQ
No — Visa and Mastercard require PCI compliance, but they don't require your processor to charge a fee for it. Stripe, Square, and Helcim include it free.
A penalty (usually $20-50/mo) charged when you haven't completed your annual SAQ. Most can be eliminated by spending 15 minutes in your processor's compliance portal.
Log into your processor's PCI portal, complete the SAQ (Self-Assessment Questionnaire), and run a quarterly external scan if you accept cards online. Most small merchants finish in under an hour.
Stop paying junk fees
We'll match you with processors that include PCI free.