Regulatory Compliance, Governance and Security » annual report on compliance http://itknowledgeexchange.techtarget.com/compliance-governance Thu, 10 Mar 2011 15:04:50 +0000 en-US hourly 1 PCI DSS Requirements and PCI DSS Merchant Levels | VISA http://itknowledgeexchange.techtarget.com/compliance-governance/pci-dss-requirements-and-pci-dss-merchant-levels-visa/ http://itknowledgeexchange.techtarget.com/compliance-governance/pci-dss-requirements-and-pci-dss-merchant-levels-visa/#comments Fri, 26 Jun 2009 15:08:14 +0000 Charles Denyer http://itknowledgeexchange.techtarget.com/compliance-governance/pci-dss-requirements-and-pci-dss-merchant-levels-visa/ PCI DSS Requirements for Merchants is dependent on the “Level” your organization falls into. Currently, there are four (4) Merchant Levels for PCI DSS compliance. What’s important to note is that these merchant levels are based on transaction volume of cardholder data. But also keep in mind that many merchants who do not meet the more stringent Level 1 requirements because of lower transaction volumes may still have to become Level 1 compliant based on customer demands, marketing efforts for their company, or possible regulatory requirements (i.e, you’ve been notified by your acquirer that you need to be level 1 compliant).

Thus, here are the VISA Merchant Levels:

Level 1: Any merchant-regardless of acceptance channel-processing over 6,000,000 Visa transactions per year OR Any merchant that Visa, at its sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the Visa system.

Level 1 Requirements:
* Annual Report on Compliance (“ROC”) by Qualified Security Assessor (“QSA”)
* Quarterly network scan by Approved Scan Vendor (“ASV”)
* Attestation of Compliance Form

Level 2: Any merchant-regardless of acceptance channel-processing 1,000,000 to 6,000,000 Visa transactions per year.

Level 2 Requirements:
* Annual Self-Assessment Questionnaire (“SAQ”)
* Quarterly network scan by ASV
* Attestation of Compliance Form

Level 3: Any merchant processing 20,000 to 1,000,000 Visa e-commerce transactions per year.

Level 3 Requirements:
* Annual Self-Assessment Questionnaire (“SAQ”)
* Quarterly network scan by ASV
* Attestation of Compliance Form

Level 4: Any merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants-regardless of acceptance channel-processing up to 1,000,000 Visa transactions per year.

Level 4 Requirements:
* Annual SAQ recommended
* Quarterly network scan by ASV if applicable
* Compliance validation requirements set by acquirer

To learn more about PCI DSS compliance and merchant level requirements for other payment brands (MasterCard, American Express, Discover Card, and JCB), visit pciassessment.org

]]> http://itknowledgeexchange.techtarget.com/compliance-governance/pci-dss-requirements-and-pci-dss-merchant-levels-visa/feed/ 0