PCI compliance. Sounds intimidating, right? Like something that requires a team of security consultants and a six-figure budget.
Good news: for most small businesses, it's actually pretty simple. Let's demystify it.
What Is PCI Compliance?
PCI DSS (Payment Card Industry Data Security Standard) is a set of security rules that anyone who handles credit card data must follow. It's designed to protect your customers' card information from being stolen.
If you accept credit cards, you need to be PCI compliant. Period.
What You Actually Need to Do
For most small businesses (processing under 1 million transactions per year), PCI compliance means:
1. Fill out a Self-Assessment Questionnaire (SAQ) — a checklist that takes 15–30 minutes. Your processor should provide this.
2. Don't store card numbers — if you're using a modern terminal or POS, card data is encrypted and never touches your systems. You're already good.
3. Use secure equipment — your terminal should support EMV (chip) and encryption. If it does, you're covering the biggest requirements.
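One way to verify step 2 on your own systems, added here as an example (it is not from the original post and not PAYHERO's tooling): scan logs, spreadsheets or notes files for anything that looks like a full card number, using the Luhn check so order numbers and phone numbers don't trigger false alarms. The sample lines are constructed; the only real-looking number is a well-known test card number.

```python
import re

# Constructed sample lines (not from the original post): the kind of text a
# log or notes file must NOT contain if card data "never touches your systems".
SAMPLE_LINES = [
    "2024-03-01 sale approved token=tok_8f3a2c amount=42.10",    # tokenised: fine
    "customer called back, card 4111 1111 1111 1111 exp 12/26",  # full PAN: violation
    "order 12345 ref 9876543210 shipped",                        # digits, not a PAN
    "refund to ****1111 processed",                              # masked: fine
]

# Runs of 13 to 19 digits, optionally separated by spaces or dashes.
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check that real card numbers satisfy; it weeds out
    order ids and phone numbers that merely look like a PAN."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(lines):
    """Return (line_number, masked_pan) for every Luhn-valid PAN found.
    Only the last four digits are kept, so the finding itself is not
    another stored copy of the card number."""
    findings = []
    for n, line in enumerate(lines, start=1):
        for m in CANDIDATE.finditer(line):
            digits = re.sub(r"[ -]", "", m.group())
            if luhn_valid(digits):
                findings.append((n, "*" * (len(digits) - 4) + digits[-4:]))
    return findings


if __name__ == "__main__":
    for n, masked in find_pans(SAMPLE_LINES):
        print(f"line {n}: possible stored card number {masked}")
```

Run it over exported logs or shared drives before filling out the SAQ; any hit means card data is being stored somewhere it shouldn't be.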
The PCI Fee Scam
Here's where processors get sneaky. Many charge a “PCI compliance fee” of $15–$30/month. Some even charge a “PCI non-compliance fee” of $30–$100/month if you haven't filled out the questionnaire they never told you about.
These fees are pure profit. PCI compliance doesn't cost your processor anything.
At PAYHERO, we don't charge PCI fees. We help you stay compliant as part of our service — because that's what a good processor should do.
Bottom Line
PCI compliance for a small business = use a modern terminal, don't write down card numbers, and fill out an annual questionnaire. That's it. Don't let anyone charge you $30/month for it.