Credit Card Processing Series Part 3 of 3 - Compliance, Your Rights, and How to Stop Overpaying
Turning what you know into money that stays in your business
In Part 1 we mapped how a transaction moves through the system, and in Part 2 we broke down the three layers of fees and the pricing models that decide what you pay. This final article is about action: protecting your customers' data, knowing the legal rights that are expanding in your favor, defending against chargebacks, and asking the handful of pointed questions that separate a fair processing relationship from an expensive one.
Security and Compliance: The PCI DSS Requirement
Accepting cards comes with an obligation to protect your customers' card data. The framework that governs this is the Payment Card Industry Data Security Standard (PCI DSS), established jointly by Visa, Mastercard, American Express, Discover, and JCB. As of 2024, version 4.0 of the standard is in full effect.
Every business that accepts cards must comply, but the validation requirements scale with your transaction volume. The networks define four merchant levels:
Most processors charge a PCI compliance fee to provide tools and support for this, commonly in the range of roughly $80 to $120 a year or a small monthly charge, according to industry fee surveys. If a merchant fails to validate compliance, processors often impose a monthly PCI noncompliance fee that can be far larger. Many merchants pay noncompliance fees for months or years simply because they never completed a questionnaire they did not know existed.
There is a meaningful upside to getting this right beyond avoiding fees. Visa's Technology Innovation Program can waive the annual PCI validation requirement for eligible merchants when at least 75 percent of their transactions run through chip enabled terminals, a validated point to point encryption solution, or a qualifying tokenization setup. Modern, secure equipment does not just protect your customers. It can reduce your compliance burden and your exposure if a breach ever occurs.
The Regulatory and Legal Landscape You Should Know About
The cost of accepting cards is not just an economic issue. It has been the subject of litigation and legislation for two decades, and recent developments directly affect your rights as a merchant.
The Long Running Antitrust Case
A class action known as the Payment Card Interchange Fee and Merchant Discount Antitrust Litigation has been working through the federal courts since 2005. Merchants alleged that Visa and Mastercard, acting as a duopoly that controls most of the market, illegally fixed swipe fees and imposed rules that prevented businesses from steering customers toward cheaper payment methods. Earlier proposed settlements were rejected, including a $30 billion deal that a federal judge turned down in 2024 for offering merchants too little relief.
In November 2025, Visa and Mastercard announced a revised settlement. Under its terms, the networks agreed to lower the combined average effective credit interchange rate by 0.10 percentage points for five years and to cap rates on certain standard consumer credit cards at 1.25 percent for an eight-year period. The deal would also end the longstanding honor all cards rule, giving merchants the right to decline certain higher cost cards, and would expand merchants' rights to surcharge and to form buying groups. Merchant advocacy organizations have objected that the relief is too small, and at the time of writing the settlement still faces challenges.
The takeaway: the rules are actively shifting, and the rights you have as a merchant in 2026 may be different from what they were a year ago.
Surcharging and Your Rights
One concrete area of change is surcharge, the practice of adding a fee when a customer chooses to pay by credit card. Under the proposed settlement framework, merchants would gain expanded ability to surcharge specific card brands or products, subject to limits. Industry analysis of the settlement terms indicates a surcharge generally cannot exceed 3 percent of the transaction or the merchant's actual cost of acceptance, whichever is lower, and must be clearly disclosed to the customer at the point of sale and on the receipt. Surcharging must also be applied consistently and requires advance written notice to your acquirer.
Critically, surcharge is also governed by state law, and several states restrict or prohibit it through consumer protection statutes. This is precisely the kind of area where the rules vary by where you operate and what you sell and where getting it wrong can create legal exposure rather than savings.
The Debit Regulation Backdrop
On the debit side, the Federal Reserve's Regulation II continues to govern the interchange cap discussed in Part 2, and the Fed has been weighing a proposal to lower the cap further. Its biennial reports show that debit interchange fees across all transactions reached $34.12 billion in 2023. Whether or not the cap changes, the existing rules already make debit acceptance dramatically cheaper than credit, which is a lever many merchants underuse.
Chargebacks: The Cost Beyond the Fee
Fees are the visible cost of accepting cards. Chargebacks are the cost many merchants forget until one arrives. A chargeback occurs when a cardholder disputes a transaction with their issuing bank, and the funds are pulled back out of your account while the dispute is investigated. Reasons range from genuine fraud to buyer's remorse to simple confusion about a charge on a statement.
Beyond the lost sale, chargebacks usually carry a fee of their own, and a pattern of excessive chargebacks can put a merchant into costly monitoring programs run by the networks or, in severe cases, jeopardize the ability to accept cards at all. Card-not-present businesses are especially exposed. Sound practices reduce both the frequency and the impact:
• Use clear billing descriptors so customers recognize the charge
• Keep good records of every transaction
• Accept cards securely, with chip, tap, and proper data capture
• Respond to disputes promptly and with documentation
A knowledgeable partner helps merchants build these defenses before chargebacks become a problem rather than after.
Questions to Ask About Your Own Account
You do not need to become a payments expert to protect yourself. You need to ask a handful of pointed questions, and to notice when the answers are evasive.
1. Which pricing model am I on, and can you show me the interchange, the assessments, and your markup as separate numbers? A straightforward answer points to a transparent relationship. Reluctance points to the opposite.
2. What is my effective rate? Take the total fees on a recent statement, divided by the total sales processed, and you have your real all in cost as a percentage. Compared to the national averages from Part 2, this single number tells you quickly whether you are in a reasonable range.
3. What are all the fixed monthly and annual fees, and what is each one for? Statement fees, monthly minimums, batch fees, gateway fees, regulatory product fees, and PCI fees should each have a clear purpose. Charges no one can explain are charges worth questioning.
4. Am I PCI compliant, and am I paying a noncompliance fee? If you are paying a penalty, completing the right Self-Assessment Questionnaire can often eliminate it.
5. How are my transactions being processed, and am I qualifying for the lowest available rates? In person, chip and tap, and properly captured data all influence which interchange category applies.
6. Have my rates changed in the last year, and why? Quiet rate creep is common, and knowing your baseline lets you catch it.
If a processor cannot or will not answer these clearly, that itself is useful information. The card networks' costs are the same for everyone. The service, the transparency, and the markup are not, and those are the things you are actually choosing when you choose who to work with.
Where Money Quietly Leaks Out of Your Business
Pulling the threads together, here is where independent merchants most commonly lose money without realizing it:
• Sitting on tiered or flat rate pricing when their volume would justify interchange plus, paying a padded rate month after month
• Never auditing statements, so creeping rate increases and added line items go unnoticed
• Paying PCI noncompliance fees because no one walked them through the questionnaire
• Running transactions in ways that push sales into higher interchange categories, such as keying in card numbers that could have been tapped
• Accepting rate increases at face value because the statement is too opaque to challenge
• Treating processing as a set-it-and-forget-it utility rather than a recurring cost that deserves the same scrutiny as rent or insurance
Individually, each leak looks small. Across a year of sales, on a cost that the Nilson Report puts at well over a percent and a half of everything you ring up, they add up to real money that belongs in your business, not in a processor's margin.
How an Expert Partner Like QSS Protects You
The card networks set interchange. The networks set assessments. Those are fixed. But everything else, the pricing model, the markup, the equipment, the compliance posture, and the way your transactions are configured, is open to optimization by someone who knows the system from the inside.
• We translate your statement. You get a clear breakdown of what is interchange, what is assessments, and what the processor is keeping, so you finally know your true effective rate.
• We benchmark and right size your pricing. If you are on a tiered or flat rate plan that no longer fits your volume, we identify whether interchange plus would lower your cost and by how much.
• We configure your processing to qualify for lower rates. Small technical adjustments can move sales into cheaper interchange buckets legitimately.
• We manage your PCI compliance. We help you complete the right questionnaire, deploy secure equipment, and where possible reduce your validation burden entirely.
• We keep you current with the rules. As the antitrust settlement, surcharging rights, and debit regulations evolve, we tell you which new rights apply to your business, in your state, and how to use them without creating legal risk.
• We give you leverage. Because we understand the genuine cost of acceptance, we can hold processors accountable and challenge unjustified increases.
This is exactly the role QSS plays for the independent grocers, supermarkets, restaurants, and retailers we serve across the New Jersey and New York metro area. We work with the major POS and payment platforms our clients rely on, and we approach card processing the way a good accountant approaches your books, as a cost to be understood, managed, and optimized on your behalf, not a mystery to be endured.
The Bottom Line for Business Owners
Credit card processing is no longer a back office detail. With total U.S. swipe fees approaching $200 billion a year and average credit card rates climbing past 2.35 percent, it is one of the largest controllable costs most merchants carry, and the one most likely to be quietly overcharged.
Across this series you have learned the players, the path a transaction takes, the three layers of fees, the pricing models, your compliance obligations, and the legal rights that are actively expanding in your favor. That knowledge alone puts you ahead of most business owners. Pairing it with a partner who lives in this world every day is how you turn understanding into savings.
If you have not looked closely at what you are paying to accept cards, there is a strong chance there is money on the table. The first step is simply finding out.
Ready to find out what you are really paying? QSS will read your current statement and show you, in plain numbers, your true effective rate and where your money is leaking. Reach out for a no obligation review.