PCI Compliance – Simplified
When making a payment online there are two accounts involved: a merchant account and a gateway account. The merchant account is the bank account where the money is deposited, and the gateway is the payment processor. When you go to a website and fill in your information (name, address, credit card number, etc.), the gateway verifies that information before the funds are deposited into the merchant account. The Payment Card Industry (PCI) is an organization that requires certain security measures to be met for the gateway account. A gateway can be fined or shut down by PCI for not complying with these standards, so gateways contract third-party companies to ensure that all of their customers are compliant. If a company is not compliant, the gateway adds a fee to the account because it is taking on a risk.
Are you able to choose who your PCI compliance is verified through? Yes and no. It depends on which gateway account the company is using. All of the PCI standards are based on transaction volume: companies with a high volume of transactions are required to meet a higher level of compliance. A large gateway company will typically contract out a company to handle these tests, and you must verify compliance through that company. Smaller providers (some banks provide gateways) only require a self-assessment, which can be completed online in about 5 minutes. This assessment is also contracted out to third-party companies.
Once your client has become PCI compliant, they will no longer be charged the extra fee. PCI compliance should also be built into the gateway fees; there should not be a separate charge to your client for this service.