Skip to main content
Real humans answer · (301) 304-8841 Book a 30-min demo

Member Management / FAQs

Compliance fees

Last modified: ~3 min read

Fee changes effective July 1, 2024 #

Data breaches targeting small businesses have increased significantly, and sponsor banks have responded by raising security-related fees. Three changes took effect on July 1, 2024:

  1. Sponsor bank monthly PCI fee increased from $15 to $49.
  2. Non-compliance fee increased from $25 to $79 per Merchant ID per month.
  3. Enhanced credit card and ACH tokenization services were implemented across all accounts.

PCI compliance and the non-compliance fee #

A PCI non-compliance fee appears on your merchant reporting when your business has not met the minimum data security standards set by the major card brands. The fee is assessed per Merchant ID each month that compliance is not confirmed.

Maintaining compliance eliminates this monthly fee and reduces long-term risk to your business and your members' payment data. PCI compliance demonstrates that your club meets the security standards required by Visa, Mastercard, Discover, American Express, your sponsor bank WorldPay, and ASF's PayFac.

Who must comply? All customers who process credit card payments with ASF.

Tokenization services #

Tokenization replaces sensitive payment data with algorithmically-generated tokens, securing payment information both at rest and in transit. Effective July 1, 2024, a pass-through cost of $0.03 per credit card or ACH transaction applies. Point of Sale transactions are not affected by this charge.

Completing your annual SAQ #

PCI compliance requires annual completion of a Self-Assessment Questionnaire (SAQ) per legal entity. Here is how the process works:

  1. You receive a Welcome email from SecureTrust (also known as Viking Cloud) with a link to the compliance portal.
  2. Complete the questionnaire online through the portal.
  3. Upon completion, you receive an Attestation of Compliance (AOC).
  4. ASF monitors compliance status monthly and applies the non-compliance fee to any Merchant ID that has not completed the SAQ.

What is required? One SAQ per legal entity, completed annually through the SecureTrust portal.

Frequently asked questions #

Why is PCI compliance required?

PCI compliance is mandated by the major card brands (Visa, Mastercard, Discover, and American Express), by sponsor bank WorldPay, and by ASF's PayFac. All businesses processing card payments through ASF must meet these minimum security standards.

How do I avoid the non-compliance fee?

Complete your annual SAQ through the SecureTrust portal when you receive the Welcome email. Once your AOC is on file, ASF confirms your compliant status and the fee does not appear on your account.

Does the tokenization charge apply to POS transactions?

No. The $0.03 per-transaction tokenization charge applies to credit card and ACH transactions only. Point of Sale transactions are excluded.

Where do I go with questions about my compliance status?

Contact ASF Client Support using the information below.

Need help? #

Contact your ASF account manager at clientsupport@asfpaymentsolutions.com or (301) 304-8841.

More from Billing FAQs

What is auto-convert?

How automatic account conversion works when payment failures occur under ASF Billing and Invoice Based Billing.

Billing FAQs

Answers to common billing questions covering cancellations, past-due logic, payment schedules, and refund eligibility.

What is a D-U-N-S number?

A D-U-N-S number is a unique nine-digit identifier for each physical business location, administered by Dun and Bradstreet.