In tokenization (in which data storage is remote) there is a per transaction fee in place of upfront cost. In all of these estimates no opportunity and cost labor cost of other profit making endeavors has been included. Requirements of the Merchants A merchant accepting, processing or storing credit card data needs to be compliant.
It is still essential for small retailers and restaurants using a single POS system or terminal to be PCI Compliant. Both businesses are required to fill out Self Assessment Questionnaire, but the compliance process is much less involved. POS systems used by merchants are required to stay extra careful to make sure that no prohibited card data is being stored improperly and are needed to validate their vendor as PABP compliant (soon to become PA DSS).