Regulatory Compliance, Governance and Security » level 1

PCI Merchant Level Requirements | VISA Merchant Level Compliance

Charles Denyer — Fri, 24 Jul 2009 20:12:56 +0000

PCI Merchant Level Requirements for VISA are stated as the following:

Level 1: Any merchant-regardless of acceptance channel-processing over 6,000,000 Visa transactions per year. Also, any merchant that Visa, at its sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the Visa system.

Level 2: Any merchant-regardless of acceptance channel-processing 1,000,000 to 6,000,000 Visa transactions per year.

Level 3: Any merchant processing 20,000 to 1,000,000 Visa e-commerce transactions per year.

Level 4: Any merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants-regardless of acceptance channel-processing up to 1,000,000 Visa transactions per year.

The other payment brands (MasterCard, American Express, Discover Card, and JCB) also have their own requirements for merchants.

PCI DSS Compliance | Why You Need a QSA for Level 1 Compliance

Charles Denyer — Fri, 24 Jul 2009 20:00:58 +0000

PCI DSS Compliance for Level 1 Merchants and Service Providers is mandatory. In short, if you are a Merchant or Service Provider and have been called upon to become Payment Card Industry Data Security Standards (PCI DSS) compliant, then an on-site assessment by a Qualified Security Assessor (QSA) is what you will need.

A QSA is simply an individual who has gone through the licensing to become an expert in PCI DSS compliance. This is somebody who has been awarded the designation by the Payment Card Industry Security Standards Council, known as the PCI SSC.

For more information about PCI DSS compliance and in hiring a QSA for all your Level 1 needs, visit the official PCI DSS Resource Guide.

And lastly, MasterCard has now strengthened their requirements to make Level 2 merchants also undertake an on-site PCI DSS assessment.

PCI COMPLIANCE

Charles Denyer — Sat, 20 Jun 2009 03:31:41 +0000

Payment Card Industry Data Security Standards (PCI DSS) compliance means many different things to many people. And after all, it should, based on the complexities of truly understanding what the phrase “PCI Compliance” or being “PCI compliant” really means.

For an ounce of clarity, remember this. All merchants that fall into Level 1 of the transaction volume parameters for PCI will have to undertake an on-site PCI DSS assessment by a Qualified Security Assessor; somebody who has gone through the training and certification process by the Payment Card Industry Security Standards Council (PCI SSC).

“Most” other levels (and i stress most, because there are exceptions) can conduct their own self-assessment for PCI compliance. The world “self” is misleading because most organizations trying to comply will need assistance from a PCI QSA.

To learn more about PCI DSS, visit pciassessment.org.

PCI DSS Requirements | VISA Merchant Levels and Requirements for Compliance

Charles Denyer — Thu, 30 Apr 2009 14:51:43 +0000

PCI DSS VISA Requirements for Merchants as stated by VISA require merchants to first and foremost identify what “Level” of compliance is required. This simply requires your organization to identify the number of transactions per year that are undertaken. In short, calculate or approximate this number to see which level you fall into.

Level 1: Any merchant-regardless of acceptance channel-processing over 6,000,000 Visa transactions per year and Any merchant that Visa, at its sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the Visa system.
Level 2: Any merchant-regardless of acceptance channel-processing 1,000,000 to 6,000,000 Visa transactions per year.
Level 3: Any merchant processing 20,000 to 1,000,000 Visa e-commerce transactions per year.
Level 4: Any merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants-regardless of acceptance channel-processing up to 1,000,000 Visa transactions per year.

Now, based on which Level you fall into, listed below are the requirements as set forth by VISA.

Level 1: Annual onsite review by QSA (PCI DSS Assessment) and Quarterly Network Scan by ASV
Level 2: Annual Self Assessment Questionnaire and Quarterly Network Scan by ASV
Level 3: Annual Self Assessment Questionnaire and Quarterly Network Scan by ASV
Level 4: Annual Self Assessment Questionnaire and Quarterly Network Scan by ASV

To learn more about PCI DSS Requirements, visit pciassessment.org

PCI Merchant Levels for American Express | PCI DSS

Charles Denyer — Sun, 12 Apr 2009 12:36:41 +0000

PCI merchant levels have been clearly defined by all the major payment brands (VISA, MasterCard, American Express, Discover Card, and JCB). What’s important to note is that you should also look at each of the payment brand’s respective Levels for truly understanding where you fall.

Thus, PCI merchant levels for American Express are defined as the following:

Level 1: Merchants processing over 2.5 million American Express Card transactions annually or any merchant that American Express otherwise deems a Level 1.

Level 2: Merchants providing 50,000 to 2.5 million American Express transactions annually or any merchant that American Express otherwise deems Level 2.

Level 3: Merchants processing less than 50,000 American Express transactions annually.

Thus, the requirements for these respective Levels as far as compliance is concerned are the following:

Level 1: Annual onsite review by QSA (PCI DSS Assessment) and Quarterly Network Scan by ASV.
Level 2: Quarterly Network Scan by ASV.
Level 3: Quarterly Network Scan by ASV.

To learn more about PCI Merchant Levels and the Payment Card Industry Data Security Standards (PCI DSS), visit pciassessment.org