Questions often arise around PCI compliance certification and compliance. The Card Associations require that each merchant account be certified as compliant annually. Failure to do so will expose you to risk of higher fines if you incur a data breach, and potentially higher PCI compliance fees from your processor. 
  • How do I become PCI compliant?
Pass the online Security Assessment Questionaire (SAQ), annually.If you procress over an internet connection, you must pass quarterly scans of your IP environment to insure proper firewall settings on your router and internet environment.

  • How much does it cost and how am I billed?
As a broker of merchant services, we write for a number of processors, each with their own PCI compliance relationships and vendors. Find the processor below to learn how your PCI fees are charged.

WorldPay customers are charged annually for PCI fees by ValuPlus Merchants Association (VPMA). The annual fee is $99, with an additional monthly fee of $19.95 if you are  not PCI compliant. Accounts initially boarded from March through August are billed in October, while accounts boarded from September through February are billed in April. Your annual PCI compliance fees will not appear on your WorldPay statement, as they are billed directly by VPMA.  VPMA uses Aperia as their PCI compliance vendor. Click here to access the Aperia website.

FirstData direct customers (boarded through VPMA) are charged annually by FirstData. The annual fee is $99, and FirstData will assess an additional $19.99 monthly fee for each month you remain non-compliant.  Fees will appear on your FirstData statement, generally in the third month after boarding, and annually thereafter. FirstData direct uses Security Metrics as their PCI compliance vendor.

FirstData Omaha customers (boarded by Capital Bankcard/Cayan) are charged $79 annually by FirstData. They do not charge any additional fees for PCI non-compliance. Fees will appear on your FirstData statement. Accounts boarded between April and September will see the fees on their November statement and fees deducted in December. Accounts boarded between October and March will see the fees on their May statement and fees deducted in June. Capital Bankcard uses Control Scon as their PCI compliance vendor.

Transfirst customers (boarded by VPMA under CoCard) are charged quarterly by Transfirst. The quarterly fee is $18.80, and will increase to $28.80 for any quarter that you are non-compliant, Fees will appear on your CoCard statement. Fees are assessed on a calendar schedule, regardless of when you account is boarded.  Fees are assessed on your January, April, July and October statements. Transfirst uses Control Scan for their PCI compliance vendor.

Regardless of who you process with, paying attention to your certification status is important, both for the security of your customer's data and for the impact to you in fees