What's a PCI non-compliance fee?

A penalty (usually $20-50/mo) charged when you haven't completed your annual SAQ. Most can be eliminated by spending 15 minutes in your processor's compliance portal.

How do I become PCI compliant?

Log into your processor's PCI portal, complete the SAQ (Self-Assessment Questionnaire), and run a quarterly external scan if you accept cards online. Most small merchants finish in under an hour.

Fees & pricing

PCI compliance fees, decoded

PCI compliance is required. The fee for it is not. Here's the difference.

✓Editorially reviewedReviewed by Sam Patel, Merchant services editorUpdated April 1, 2026How we make money Methodology Advertiser disclosure

Quick answer

$5-10/mo for PCI compliance is reasonable. $15+/mo is high. $20-50/mo for "PCI non-compliance" is almost always avoidable — log into your portal and complete the SAQ.

What it actually pays for

The legitimate version of a PCI fee covers your processor's compliance portal — the tool you log into to complete your Self-Assessment Questionnaire (SAQ), run quarterly external scans (if you take cards online), and document your security controls.

The junk version is the "PCI non-compliance fee" — a penalty charged automatically if you don't complete the SAQ within 90 days of opening your account. Many merchants never log in and pay this for years without knowing what it is.

Processors that include PCI free

FAQ

No — Visa and Mastercard require PCI compliance, but they don't require your processor to charge a fee for it. Stripe, Square, and Helcim include it free.

Stop paying junk fees

We'll match you with processors that include PCI free.

Get 3 quotes →Audit my rate

Related

Stop paying junk fees