Thursday, October 30, 2008
PCI Compliance, Part 2 of 3: Merchant Levels
All merchants, no matter how large or small, must comply with all parts
of the PCI Data Security Standard (DSS). Validation requirements vary by business and depend
on the merchant level, as shown in the chart below.
| Merchant Level | Criteria | Validation Action: On-Site Security Audit | Validation Action: Self-Assessment Questionnaire | Validation Action: Network Vulnerability Scan |
|---|---|---|---|---|
| Level 1 | VISA or MasterCard • Process more than 6 million transactions annually from any channel • Any merchant who has experienced a data compromise • Any merchant who is identified as a level 1 merchant with any card association | Required Annually | N/A | Required Quarterly |
| Level 2 | VISA or MasterCard • 1 million to 6 million transactions annually from any channel • Any merchant who is identified as a level 2 merchant with any card association | N/A | Required Annually | Required Quarterly |
| Level 3 | VISA or MasterCard • 20,000 to 1 million ecommerce transactions annually | N/A | Required Annually | Required Quarterly |
| Level 4 | VISA • Less than 20,000 ecommerce transactions annually or up to 1 million transactions from any channel; MasterCard • All other merchants | N/A | Required Annually | Required Quarterly |
4:17 pm pdt