One more thing. If my credit card processor and my credit card gateway are both PCI Compliant, then why do I have to be PCI Compliant. We are already getting fee-d to death by both of them for every transaction and now we have to pay more fees.

First off, security metrics isn’t at fault here. Your processor has outsourced PCI to Security Metrics and your processor is responsible for these charges.

Second, you should be able to get a refund for the extra merchant numbers. A business only needs to get PCI certified once. It’s ridiculous that they wouldn’t refund you for the accounts past the first on on this.

Lastly, as long as your business plays part in accepting a credit card, you are just as liable for a breach as your payment gateway or processor.

I think based on the experience that you are having, you need to find a new processor. It’s completely unacceptable that you would be charged multiple times for this. The fact that they wouldn’t refund past the first charge just makes no sense. PCI is not something that is going away, but it shouldn’t be a burden to the point that it’s really hampering your business. Your processor obviously doesn’t care for your business even though you have several accounts with them. Go find somebody that does.

I am being charged $139.80 per year for PCI Compliance by Transaction Solitions, (a provider of First Data). I am switching to Sam’s Club, (also a provider of First Data), because they have offered me a PCI Compliance fee on only $39.00 per year. Also they are lowering my MC & Visa discount rate from 2.035% to 1.49%.

I wouldn’t be too sure on Sam’s being cheaper. We and just about every other reasonable processor in the country is lower priced than sams club. The rate you’re quoting is only for qualified transactions. You end up paying for it on downgrades. 1.49% is a debit only rate also. Your credit rate will be more like 1.7 – 1.8%. Just by the fact that Sam’s is trying to use smoke and mirrors to get your business, I would stay away. There’s plenty of honest, upfront providers out there that have cheaper PCI fees than $140 per year.

Anyone who gets PCI compliant should be hanged publicly. This is the biggest fraud since the Federal Reserve. Just like the Federal Reserve the PCI Security Standards Council was founded by and for banks, for profit through manipulative scam fees and for the protection of their money. Everyone knows that a bank is responsible for stolen card charges. The banks didn’t have to fight the law though. Instead they made the public pay for it through PCI compliance.

The banks are not responsible for stolen card charges. The charges go back to the merchant, and then to the processor, and then to the acquirer. There’s no way the bank is on the hook at any point in the fraudulent charge process. They are also not making anything from PCI fees. I personally have major reservations about the way PCI has been presented, but what you’re saying is completely inaccurate.

Furthermore, Congress has openly stated that PCI is not near enough. Since merchant’s ignored Visa/MC warnings about PCI, we’re in a painful situation in trying to get everyone compliant. It’s going to get more more strict in the years to come.