Posted by: Charles Denyer
Annual onsite review by QSA, PCI DSS service provider levels, qsa, qualified security assessor, SAQ, visa, VisaNet
PCI DSS Service Providers Levels for VISA are defined as the following:
Level 1: All VisaNet processors (member and non-member) and all payment gateways.
Level 2: Service Providers (agents) not in Level 1 that store, process, or transmit > 1 million accounts/transactions annually.
Level 3: Service Providers (agents) not in Level 1 that store, process, or transmit < 1 million accounts/transactions annually.
Additionally, these various “levels” have predefined requirements for PCI DSS compliance, which essentially call for the following:
* Annual onsite review by QSA
* Quarterly network scan by ASV
* Annual Self-Assessment Questionnaire
(Canada: SAQ required and must be reviewed by QSA)
In short, you will need to retain a Qualified Security Assessor (QSA) to help with PCI DSS compliance. A QSA will assist in guiding your organization through an actual on-site assessment.