The PCI Compliance Fee Gouge
Just like everything else, a lot has changed since our original post on this topic on June 4, 2009.
Today the card associations require that all merchants, regardless of size, validate compliance with the Payment Card Industry Data Security Standard (PCI DSS).
Compliance with PCI DSS has always been very important to protect your business. It’s only the validation requirements that have changed. The fees being charged for PCI compliance are not uniform throughout the industry. Some merchant account providers charge monthly, some annually, and some both, and these fees can really start to add up.
Merchants need to be aware of how and when PCI fees are billed to avoid being gouged with excessive fees. Merchants should also know that they may choose to complete a Self-Assessment Questionnaire (SAQ) on their own and can work with any PCI vendor they choose should a system scan be required. Merchants are not forced to pay for PCI services through their merchant account provider.
Vantage has partnered with ControlScan to help our clients meet PCI compliance at a very reasonable price. This is simply a well-researched and negotiated choice, but our clients can opt out of using the ControlScan service by providing a copy of their PCI validation documents.
It is also important to remember that there is a difference between security and compliance. While PCI compliance is a mandated point-in-time measurement of your security readiness, the underlying security requirements must be adhered to on a daily basis to protect your business.
In the event of a data compromise, merchants face significant fees and fines. The average breach cost for a Level 4 merchant is around $39,000, and PCI DSS validation does not affect your responsibilities associated with your merchant account in the event of a data compromise. You may want to contact your business insurance provider and ask them about a comprehensive data compromise rider to cover you in case of a breach.
For additional PCI DSS info visit: http://www.vantagecard.com/resources/PCI_Data_Security.html.