PCI DSS
Also called: PCI compliance
Quick definition: Payment Card Industry Data Security Standard — the rulebook every business that touches card data must follow. Maintained by the PCI Security Standards Council.
In plain English
PCI DSS has 12 requirements covering network security, encryption, access control, monitoring, and policy. Your merchant level (1-4, based on annual transaction volume) determines how strict your compliance validation is.
Most small merchants are Level 4 and can self-attest with a Self-Assessment Questionnaire (SAQ). Level 1 merchants (over 6M transactions/year) need a Qualified Security Assessor (QSA) audit.
Why it matters for your bill
Related concepts
FAQ
- Definitions reviewed against current card-network and PCI SSC documentation.
- Updated when card-network rules or fee structures change.