PCI Non-Compliance Fee Explained: What That Charge on Your Statement Actually Means
If you see a “PCI Non-Compliance Fee” or “PCI Program Fee” on your monthly merchant processing statement, you are not alone. Millions of small business owners are charged $10-$100 every month because they have not completed a simple annual questionnaire. This guide explains exactly what the fee is, how much each major processor charges, and how to stop it -- usually in under 30 minutes.
Last verified: April 2026
What Is the PCI Non-Compliance Fee?
The PCI non-compliance fee is a monthly charge from your payment processor for not completing your annual PCI DSS Self-Assessment Questionnaire (SAQ). Every business that accepts credit or debit cards is required to validate their PCI compliance annually. If you have not done so, your processor adds this fee to your monthly statement as an incentive to complete the process.
It is important to understand what this fee is NOT. It is not a government fine. It is not a penalty from Visa or Mastercard. It is not an indication that you have been hacked or breached. It is simply your payment processor's way of saying, “You have not completed your annual PCI paperwork.” The fee is part of your merchant processing agreement, which you signed when you started accepting cards.
The fee typically ranges from $10 to $100 per month depending on your processor. Over a year, this adds up to $120-$1,200 in unnecessary charges. For most small businesses, the cost of actually completing the SAQ and becoming compliant ($300-$1,000 for SAQ A) is less than one year of non-compliance fees. In other words, it is literally cheaper to comply than to keep paying the penalty.
Quick Fix
If you use a hosted payment solution (Stripe Checkout, PayPal, Shopify), you likely qualify for SAQ A, which has only 22 questions and takes 15-30 minutes to complete. That is all it takes to stop the fee. See our SAQ guide to confirm which questionnaire you need.
Non-Compliance Fee by Processor
The table below shows PCI non-compliance fees charged by major payment processors. Modern payment facilitators like Square and Stripe do not charge PCI fees at all. Traditional merchant account processors typically charge $15-$50 per month.
| Processor | Monthly Fee | How to Become Compliant | Notes |
|---|---|---|---|
| Square | No PCI fee | Automatic - Square handles PCI compliance | Included in processing agreement |
| Stripe | No PCI fee | Automatic - complete SAQ A via Stripe Dashboard | No monthly fee regardless of compliance status |
| PayPal (Braintree) | No PCI fee | Automatic for hosted solutions | Braintree merchants may need SAQ A or A-EP |
| Clover / Fiserv | $30-$50/month | Complete SAQ via Clover Dashboard or call processor | Fee removed within 1-2 billing cycles after completion |
| Worldpay (FIS) | $19.95-$30/month | Complete SAQ at securetrust.com or call Worldpay | Some merchants report difficulty getting fee removed |
| TSYS / Global Payments | $19.95-$39.95/month | Complete SAQ via ControlScan portal or call processor | Annual fee waived upon SAQ completion |
| Heartland | $24.95-$39.95/month | Complete SAQ via Heartland Compliance portal | Fee appears as 'PCI Non-Compliance' on statement |
| Chase Paymentech | $14.95-$19.95/month | Complete SAQ via Chase Merchant Services portal | Compliance portal available at merchant.chase.com |
| Elavon | $19.95-$29.95/month | Complete SAQ via PCI compliance portal or call Elavon | Fee charged until compliance documentation submitted |
| First Data (now Fiserv) | $19.95-$34.95/month | Complete SAQ via TrustKeeper portal | May also charge annual PCI programme fee |
Fee amounts are based on publicly available information and merchant reports as of April 2026. Your actual fee may vary based on your specific merchant agreement.
How to Stop the PCI Non-Compliance Fee
Stopping the fee is straightforward. Follow these five steps, and you will typically see the fee removed within one to two billing cycles. For most small businesses on SAQ A, the entire process takes under 30 minutes.
1. Determine your SAQ type
   Use our SAQ selector wizard to find out which questionnaire applies to your business. Most small merchants using hosted payment solutions need SAQ A (22 questions).
2. Access your processor's compliance portal
   Most processors partner with a compliance service (ControlScan, SecurityMetrics, TrustKeeper) that provides an online portal for SAQ completion. Check the table above for your processor's specific portal.
3. Complete the SAQ honestly
   Answer each question based on your actual practices. If you answer 'No' to any requirement, you will need to either remediate the gap or document a compensating control. For SAQ A, most questions are about confirming that you use a compliant payment provider.
4. Submit your Attestation of Compliance
   Once all questions are answered satisfactorily, the portal will generate your Attestation of Compliance (AOC). Submit this through the portal. Some processors require you to also call or email a copy.
5. Verify fee removal on next statement
   The non-compliance fee should be removed within 1-2 billing cycles. If it persists, contact your processor's compliance department (not general customer service) with your AOC completion date.
Is the PCI Compliance Fee a Scam?
The PCI non-compliance fee is not a scam -- it is a legitimate contractual charge. However, the way some processors handle it can feel deceptive. The fee is disclosed in your merchant processing agreement (usually buried in the fine print), and it serves a real purpose: incentivising merchants to complete their annual PCI validation, which protects both the merchant and their customers.
That said, there are legitimate concerns. Some processors charge a “PCI compliance programme fee” ($5-$15/month) EVEN AFTER you become compliant. This is essentially a perpetual surcharge disguised as a compliance incentive. If your processor charges a fee after you have submitted a valid AOC, push back. Request the specific contract clause justifying the fee, and consider switching processors if they refuse to remove it.
When the fee is a legitimate concern: if your processor makes it unreasonably difficult to complete the SAQ (broken compliance portals, unresponsive support, unclear instructions), this may constitute a predatory practice. Some merchant advocacy groups have successfully challenged excessive or misleading PCI fees with state attorneys general. If you believe your processor is acting in bad faith, document your compliance attempts and escalate to management.
The $20/Month Fee vs. the $5,000/Month Fine
A critical distinction that many merchants miss: the processor non-compliance fee ($10-$100/month) and the card brand non-compliance fine ($5,000-$100,000/month) are completely different charges. The processor fee is an administrative incentive. The card brand fine is an enforcement action.
Processor Fee (What You See)
- Amount: $10-$100/month
- Trigger: Not completing annual SAQ
- How to stop: Complete SAQ (15-30 minutes for SAQ A)
- Risk level: Annoying but not devastating
Card Brand Fine (What You Do Not See)
- Amount: $5,000-$100,000/month
- Trigger: Non-compliance after card brand audit or breach
- How to stop: Full PCI DSS compliance programme
- Risk level: Business-threatening
For the full breakdown of card brand fines and breach liability, see our penalties page. Most Level 4 merchants will only ever encounter the processor fee, not card brand fines. But the processor fee is often the first warning sign of broader non-compliance exposure.
Can You Get Non-Compliance Fees Refunded?
Yes, some processors will provide retroactive credits for non-compliance fees once you become compliant. Success depends on your processor, your relationship, and how you ask. Here is the recommended approach:
Complete your SAQ first. You have zero leverage asking for a refund while still non-compliant.
Contact the compliance department directly. General customer service agents rarely have authority to issue compliance-related credits.
Reference your AOC date. Provide the exact date you completed your SAQ and request credits from that date forward.
Ask for retroactive credits. Politely request 1-3 months of backdated credits. Frame it as goodwill for a compliant merchant, not as a complaint.
Document everything. If the fee continues after compliance, you may have grounds for a formal dispute under your merchant agreement.
Stop the Fee Today
Start by finding which SAQ you need. Most small merchants are Level 4 and can complete SAQ A in under 30 minutes. For broader compliance cost planning, use our cost calculator.