We signed up with Flagship Merchant Services (aka iPayment, Inc.) in April 2011 after lengthy discussions with a representative regarding all the possible fees and percentages we would be charged for using their service. We do not have a yearly contract so there is no formal written agreement, but we do have a "schedule of fees" specific to our business that clearly states there are no annual fees, access fees, or merchant club fees.
After 1 month with Flagship we received a bill for $99.00 for "annual PCI compliance." Thereafter our statements also included an additional $19.95 monthly fee that was not explained. We called Flagship every month to ask what this $19.95 fee was for but until today (almost 1 year later) I didn't receive an answer.
It turns out that not only did we pay $99 in order to be PCI compliant, but we also paid $19.95 per month because we were not compliant. Why weren't we compliant? Because we didn't complete the "self assessment survey" that NO ONE at Flagship informed us needed to be completed in the first place!
Flagship is the company that stores customer credit card information on purchases through our business, not us. We in fact don't even have access to a customers payment information beyond their name, address, type of credit card used, and the last 4 digits of the card number. How can we be held responsible for the safety of information that even we do not have access to?
These fees were never included in the information given to us when we set up our account. These fees are not charged by a different credit card company we use for payment processing through our physical location. These fees are not required by the credit card companies as a condition of us processing payments for customers who have their credit cards. This is simply a way for Flagship to line their pockets without providing any actual service or protection.