Regulatory Compliance, Governance and Security

Jun 26 2009   3:16PM GMT

PCI DSS Requirements and PCI DSS Merchant Levels | American Express | AMEX

Charles Denyer Charles Denyer Profile: Charles Denyer

While most individuals focus on Merchant Levels for VISA, it’s important to note that the additional payment brands, such as American Expresss (AMEX), have defined their own respective merchant levels based on transaction volume and what the requirements are. With that said, listed below are AMEX’s Merchant Levels and their corresponding requirements:

Level 1: Merchants processing over 2.5 million American Express Card transactions annually or any merchant that American Express otherwise deems a Level 1.

Level 2: Merchants providing 50,000 to 2.5 million American Express transactions annually or any merchant that American Express otherwise deems Level 2.

Level 3: Merchants processing less than 50,000 American Express transactions annually.

Level 4: NA. (AMEX does not have a 4th level, such as VISA).

Level 1 Requirements: Annual onsite review by QSA (PCI DSS Assessment) and Quarterly Network Scan by ASV.

Level 2 Requirements:Quarterly Network Scan by ASV.

Level 3 Requirements:Quarterly Network Scan by ASV.

To learn about PCI DSS compliance and the varying requirements for merchants and service providers, please visit

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: