PCI DSS Requirements and PCI DSS Merchant Levels | VISA
Posted by: Charles Denyer
PCI DSS Requirements and PCI DSS Merchant Levels | VISA, annual report on compliance, ROC, annual self assessment questionnaire, SAQ, Quarterly network scan by approved Scan Vendor, asv, Attestaion of compliance form, Merchant Levels 1, 2, 3, 4, charles denyer
PCI DSS Requirements for Merchants is dependent on the “Level” your organization falls into. Currently, there are four (4) Merchant Levels for PCI DSS compliance. What’s important to note is that these merchant levels are based on transaction volume of cardholder data. But also keep in mind that many merchants who do not meet the more stringent Level 1 requirements because of lower transaction volumes may still have to become Level 1 compliant based on customer demands, marketing efforts for their company, or possible regulatory requirements (i.e, you’ve been notified by your acquirer that you need to be level 1 compliant).
Thus, here are the VISA Merchant Levels:
Level 1: Any merchant-regardless of acceptance channel-processing over 6,000,000 Visa transactions per year OR Any merchant that Visa, at its sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the Visa system.
Level 1 Requirements:
* Annual Report on Compliance (“ROC”) by Qualified Security Assessor (“QSA”)
* Quarterly network scan by Approved Scan Vendor (“ASV”)
* Attestation of Compliance Form
Level 2: Any merchant-regardless of acceptance channel-processing 1,000,000 to 6,000,000 Visa transactions per year.
Level 2 Requirements:
* Annual Self-Assessment Questionnaire (“SAQ”)
* Quarterly network scan by ASV
* Attestation of Compliance Form
Level 3: Any merchant processing 20,000 to 1,000,000 Visa e-commerce transactions per year.
Level 3 Requirements:
* Annual Self-Assessment Questionnaire (“SAQ”)
* Quarterly network scan by ASV
* Attestation of Compliance Form
Level 4: Any merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants-regardless of acceptance channel-processing up to 1,000,000 Visa transactions per year.
Level 4 Requirements:
* Annual SAQ recommended
* Quarterly network scan by ASV if applicable
* Compliance validation requirements set by acquirer
To learn more about PCI DSS compliance and merchant level requirements for other payment brands (MasterCard, American Express, Discover Card, and JCB), visit pciassessment.org
0 Comments
RSS Feed
Email a friend
