But as a course of business, we are constantly reviewing competing credit card processing statements for our clients. Among the many confusing or ambiguous “fees” our clients tend to pay, there is one that always strikes me as a pure payday for some credit card processors: The PCI Compliance Fee.
It goes by other names of course, but it almost always has to do with:
- Payment Card Industry (PCI) compliance to Data Security Standards (DSS); and
- Giving the Merchant the impression they are in compliance with those standards.
But ask yourself:
- “Does paying this fee to your processor make you compliant?”
- “If you have a security breach and it is deemed that you are not compliant, are you shielded from exposure because you are paying this fee to your processor?”
- “And, are you typically given the tools from your processor to make sure you are in good stead with the Payment Card Industry?”
And the answers are:
- No
- No
- And sometimes, but not very often
The issue with this fee is that it has become mandatory for many processors – many times without the Merchant’s knowledge or approval. Consider this: If a Merchant has equipment that is PCI compliant, has done a self-assessment and has put best practices in place to mitigate theft or fraud, should a Compliance Fee be assessed?
No, it shouldn’t; but yes it is.
Like other processing fees, a PCI Compliance Fee seems to come down from the top. It’s a non-starter and non-negotiable. You either pay it or move on. As a small business owner, you need to always get value on the expense line. If you are paying for something, there needs to be a return. But with this particular fee, it can become more problematic. Many merchants think they are paying for protection. They feel exposure is mitigated because they are paying for the compliance. Whether it’s through an actual desire to be compliant, inertia or allowing for a false sense of security, the real work to become PCI Compliant rests squarely on the shoulders of the Merchant.
Paying a fee does not make your business more secure. Running your business smartly and with common sense always trumps that false sense of security.