PCI DSS Service Providers Levels for VISA are defined as the following:
Level 1: All VisaNet processors (member and non-member) and all payment gateways.
Level 2: Service Providers (agents) not in Level 1 that store, process, or transmit > 1 million accounts/transactions annually.
Level 3: Service Providers (agents) not in Level 1 that store, process, or transmit < 1 million accounts/transactions annually.
Additionally, these various “levels” have predefined requirements for PCI DSS compliance, which essentially call for the following:
* Annual onsite review by QSA
* Quarterly network scan by ASV
* Annual Self-Assessment Questionnaire
(Canada: SAQ required and must be reviewed by QSA)
In short, you will need to retain a Qualified Security Assessor (QSA) to help with PCI DSS compliance. A QSA will assist in guiding your organization through an actual on-site assessment.