Non-receipt of PCI Validation fee for $19.95 showing up on your merchant statements? UPDATED 2016 – This could be from failure to complete your required PCI Compliance paperwork or it could be that an interim scan failed.
Security Metrics paperwork has been deleted to reflect industry changes since original DISCLAIMER: Your documents and fees may vary. Newer documents may have been published since these. Please contact your processor for specific information about your PCI Compliance statement fees.
This subject was highlighted in the January 3D Merchant newsletter. First Data created a mandatory PCI Compliance Assistance Service Program in 2009. Since so many merchant processors have First Data relationships, the reach is huge. Security Metrics administers the program, which has a mandatory annual fee and compliance certification requirement. Merchants MUST return the PCI Compliance Validation form in a timely manner. If you do not return the form, or are not PCI Compliant, you’ll be charged $19.95/month. All fees are deducted from your merchant account. I’ve already seen this fee appear on a Sun Trust merchant statement from a non-customer as a non-receipt of PCI Validation so please turn in your paperwork per the instructions.
A few merchants I’ve spoken to said they didn’t receive the letter from Security MetricsÂ but they are getting billed. Unfortunately, this is basically a blind program. We don’t know when letters are sent, and don’t know there is a problem until the non-compliance fee shows up. Merchants should read the ALERT messages that appear on their statements. There is information about upcoming fee changes, and other critical messages.
WHO GETS THE LETTERS?
It’s delivered to the same name and address that merchant statements are sent to. If you have an old name on your merchant statement, update your records.
WHEN ARE THE LETTERS SENT? They are being sent at random until every merchant receives them.
WHAT IF I DON’T HAVE A LETTER, BUT I’M GETTING A MONTHLY Non-receipt of PCI Validation FEE? If you’re one of my customers, you can go straight to SecurityMetrics.com and register. Your company is in the database and you’re automatically billed on your merchant statements.
DO I NEED TO FAX OVER THE ENROLLMENT FORM? No. That is one of the options. I recommend that you simply start with the online form.
DO I NEED TO KNOW ALL THE ANSWERS BEFORE I START ONLINE? No, but I recommend you visit the PCI Security Standards web site first and download the appropriate SAQ (self assessment questionnaire). That way when you do online you can zip through the questions.
WHAT IF I’VE ALREADY BEEN CERTIFIED BY ANOTHER APPROVED VENDOR? You can submit your certification documentation via fax to 402-916-8240 or via email. Contact your processor or sales agent for details.
IS THE MONTHLY FEE PERMANENT? No. The fee is for non-receipt of materials. Once you are proven PCI Compliant, the fee will come off, however, it may not be immediate.