Last updated 01/25/2023

PCI Frequently asked questions

What is PCI DSS?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements which all companies that process, store, or transmit card information need to follow, to maintain a secure environment.

Why is it important to achieve compliance?

It’s important because by achieving compliance you avoid a potential data breach and the loss of your customers’ data. Even a small breach typically costs thousands of pounds, as you’ll need to fix the data leak and pay for a forensic investigation, and you may also face card brand penalties. This can have a huge impact on cash flow and staff resources, and sadly we know of some companies that have ceased trading following a data breach.

What is a PCI Non-Compliance Fee?

PCI non-compliance fees are charges incurred when you don’t attest that you are PCI DSS compliant to your acquirer.

Why didn’t I receive any reminders about my PCI compliance?

After you’ve taken your first transaction, a letter is sent to your trading address which explains what is needed, the deadlines and the fees that apply if you fail to meet the deadline.

You’ll also receive annual renewals. These are emails sent out by SecurityMetrics on a weekly basis about four weeks before the expiry date. You’ll also receive a letter from us, which is sent to your trading address one month before the expiry date.

Why haven’t I been informed about PCI DSS and the penalties of not being compliant?

In the question above, we outline when letters for both new merchants and those due to renew their compliance are sent to the trading address. In these letters we explain the details, including the fees for not being compliant. They are also explained in the Terms of Service and Know the Risks documents.

How are the PCI Non-Compliance Fees calculated?

PCI non-compliance fees are charged one month in arrears and calculated at either 15 pence per transaction or £75 - whichever is greater.

How often do I need to complete my PCI compliance?

Self-Assessment Questionnaire (SAQ) Only - you need to complete an SAQ annually.

SAQ & Approved Scanning Vendor (ASV) Scans - as well as completing an SAQ, you may also need to have quarterly network scans if you have internet-facing internet protocol (IP) addresses. Network scans help identify vulnerabilities and misconfigurations of websites, applications, and information technology infrastructures with internet-facing IP addresses.

However, this should be done automatically by your ASV provider, with the results sent to you.

Do I still need to pay PCI Non-Compliance Fees if I only missed the deadline by a few days?

Yes. Your compliance status is taken on the last day of the month. This means that if you miss that deadline by a few days, you have still been non-compliant for the entire month, and non-compliance fees will apply.

Will the PCI Non-Compliance fee be refunded once compliance is achieved?

No, the fee is charged for a period of non-compliance. By becoming compliant, you will stop future charges being applied.

I have already achieved compliance, why am I still being charged?

Non-compliance fees are charged in arrears. For example, if you were non-compliant on 31st May, you’ll see the fee associated with this period on your July invoice, which you receive in August.

Will I still be charged PCI Non-Compliance Fees even though I’ve been closed throughout the COVID-19 pandemic?

Yes, PCI non-compliance fees will still be charged.

If you’re unable to pay or feel this is unfair, then you should contact either your relationship manager or the helpdesk.

Do other acquirers charge a PCI Non-Compliance Fee?

Yes, other acquirers do charge fees for PCI non-compliance.

Is the Non Secure Fee the same as the PCI Non-Compliance Fee?

No, they are not the same. A Non Secure Fee is applied to transactions that aren’t taken using Chip & PIN or 3D Secure online. These transactions carry an additional risk and are more likely to be susceptible to fraudulent activities. To minimise this cost, where possible ensure that you process transactions securely.

What is a secure transaction?

A transaction that has been processed with additional cardholder verification such as Chip & PIN or 3D Secure.


Global Payments is a trading name of GPUK LLP. GPUK LLP is authorised by the Financial Conduct Authority under the Payment Services Regulations 2017 (504290) for the provision of payment services and under the Consumer Credit Act (714439) for the undertaking of terminal rental agreements. GPUK LLP is a limited liability partnership registered in England with company number OC337146. Registered Office: Granite House, Granite Way, Syston, Leicester, LE7 1PL. The members are Global Payments U.K. Limited and Global Payments U.K. 2 Limited. Service of any documents relating to the business will be effective if served at the Registered Office.

Global Payments is also a trading name of Pay and Shop Limited. Pay and Shop Limited is a limited company registered in Ireland with company number 324929. Registered Office: The Observatory, 7-11 Sir John Rogerson's Quay, Dublin 2, Ireland. Service of any documents relating to the business will be effective if served at the Registered Office.

© 2023 GPUK LLP. All rights reserved.