What is PCI Compliance?
PCI compliance is a set of 12 security standards that businesses must adhere to when accepting credit card payments and transmitting, processing, and storing credit card information. Among the requirements are encryption of cardholder data, firewall management, antivirus updates, and assigning unique IDs to individuals with access to computers.
To comply with PCI, merchants who sign up for an EnrollsyPay account must complete a Self-Assessment Questionnaire (SAQ). After your account is approved, you should receive an email from Security Metrics, the service provider that Till Payments/Nuvei (the credit card merchant account provider) uses to ensure and assist with PCI compliance.
Different parts of the SAQ apply to different kinds of businesses, and many small business owners and merchants aren't sure which ones apply to them. Security Metrics guides you through the questionnaire so that all the appropriate sections are completed.
You will see a "Nonreceipt of PCI Validation" fee on your monthly statement if you never complete the PCI Compliance Verification Questionnaire.
This assessment and the other resources we share here will empower you to become PCI-compliant. PCI compliance saves money and helps protect you from risk as a merchant accepting electronic payments.
PCI DSS version 4.0 introduces a new way of handling PCI, with additional questions compared to the previous version. You can find more information in the FAQ provided by Security Metrics or by attending their webinar. It is probably not due until you need to complete PCI again.
PCI Fees
Here is a description of the fees charged for both PCI compliance and PCI non-compliance.
PCI Compliance Fee
Some payment processors or merchant service providers charge their customers a PCI compliance fee for using their services. The fee covers the cost of providing merchants with PCI DSS tools, resources, and support.
PCI compliance fees vary by provider, but typically range from $79 to $120 per year. Providers may charge this fee monthly, quarterly, or annually. Some providers include it in the overall processing fee, while others list it separately. EnrollsyPay charges $5.00/month for PCI/Breach Assist.
PCI Non-Compliance Fee
The PCI non-compliance fee is a penalty that some payment processors impose on their customers who fail to comply with the PCI DSS. The intention of this fee is to get merchants to take PCI compliance more seriously and to cover the potential risks of not complying with these standards.
The amount of the PCI non-compliance fee varies depending on the provider, usually between $10 and $100 monthly. EnrollsyPay charges $25.00/month. The PCI non-compliance fee is ONLY assessed if the merchant fails to complete the self-assessment questionnaire. There is also a 60-day grace period before this fee is charged.
To view these and other fees EnrollsyPay charges, see this fee sheet.
To learn more about PCI Compliance, see these resources:
PCI Data Security Standard (DSS) Checklist (Till Payments/Nuvei)
Steps to Complete Questionnaire
See the steps below to complete the questionnaire.
Click here to sign up or log in to Security Metrics.
Click the login button (Till Payments/Nuvei should have already created your account). Please let us know if you have trouble logging in.
Use the email address listed as the primary contact email on your credit card merchant account application.
Note: The application also had a field asking whether you wanted a separate email address used for PCI compliance correspondence. If you provided one, it would have overridden the primary contact email.
If you forgot your password, you can reset it on Security Metrics' login page.
Having trouble knowing how to answer some questions? Click here to see a guide on how to complete the questionnaire. You can also check out Security Metrics' PCI Guide here.
Log In Troubleshooting
Upon approval of your merchant accounts, the person who filled out the application should have received emails providing access to your merchant gateways. If they did not receive this email, or if you need to add someone else to your account, please send the following information to us-support@tillpayments.com for each person to whom you would like to grant access:
Full name
Email address
Time zone
MID (Merchant ID, which you can find on your statements or in your welcome email)
Till Payments/Nuvei will send out invitations to log in to the portal.
Written Security Policy
The first question on the PCI Compliance Questionnaire pertains to a written security policy for P2PE. The Payment Card Industry (PCI) Security Standards Council created Point-to-Point Encryption (P2PE) as an encryption standard. It requires merchants' point-of-sale terminals to encrypt payment card data immediately after the card is used. The data cannot be decrypted until it has been transported securely to the payment processor for processing.
Since 2011, P2PE has been an official program of the PCI Standards Council. Using PCI-validated P2PE solutions is not mandatory, but complying with PCI Council standards reduces the P2PE Self-Assessment Questionnaire to 26 items.
Who to Contact for Support
If you have questions when filling out the PCI Compliance questionnaire, please contact Security Metrics first by using one of the following contact methods:
Call 801-705-5700
Create a ticket here.

