Skip to main content

Understand PCI compliance levels


If you process credit cards, you can’t avoid dealing with PCI (Payment Card Industry) compliance—and the best thing you can do is educate yourself so your business and systems adhere with these important guidelines at all times. All merchants fall into one of four merchant PCI compliance levels, which are determined based on your Visa transaction volume and type over the period of a year. Visa transactions include all credit, debit and prepaid cards with the Visa logo.

Let’s take a look at how merchants are classified into the four levels.

PCI Compliance Level 1 Merchant
Any merchant that processes over 6 million Visa transactions per year (regardless of the processing channel: in-store, online, etc.)
Any merchant that Visa determines should be a Level 1 merchant to minimize risks to the Visa system
Due to their high annual processing volumes, Level 1 Merchants must take the greatest efforts to secure their processing systems. These merchants must complete annual on-site reviews by an internal auditor and successfully pass a required network scan by an approved scanning vendor.

PCI Compliance Level 2 Merchant
Any merchant that processes 1 million to 6 million Visa transactions per year (regardless of the processing channel: in-store, online, etc.)
PCI Compliance Level 3 Merchant
Any merchant that processes 20,000 to 1 million Visa eCommerce transactions per year
PCI Compliance Level 4 Merchant
Any merchant that processes fewer than 20,000 Visa eCommerce transactions per year
Any merchant that processes up to 1 million Visa transactions per year (regardless of the processing channel: in-store, online, etc)
Note that any merchant that has suffered a data breach of sensitive card data may be escalated to a higher validation level.

Maintaining Level 4 Classification
To satisfy the requirements of being classified as a Level 4 Merchant, a small to medium-sized business must:

Complete the appropriate Self Assessment Questionnaire (SAQ) from the PCI Security Standards Council (SSC)
Complete and obtain evidence of a passing vulnerability scan with a PCI SSC-approved scanning vendor (not applicable to all merchant types)
Complete the appropriate Attestation of Compliance in its entirety (located within the SAQ)
Submit the SAQ, evidence of passing the vulnerability scan (if required for your business type), the Attestation of Compliance and other requested documentation to your acquirer
Level 2, 3 and 4 Merchants must keep their annual SAQ current and conduct quarterly vulnerability scans with an approved scanning vendor.

For more information on achieving and maintaining PCI compliance, check out the PCI Security Standards Council website. Remember that PCI compliance is not a one-time solution, but rather a practice in which your business must be continually engaged in order to ensure compliance. Contact your payments processor for help in meeting the criteria.


#awepay #payments #paymentservices #paymentsolution #paymentsolutions #paymentsmadeeasy #PaymentsWithOutBorders #paymentsystem #paymentsolutionproviders #paymentsystems #ecommerce #ecommerceinsights #event #conference #congres #blockchain #pwa #cryptocurrency #KeshPOS #mPOS #poweredbyinnovectives #thursdaythoughts #bitcoins #Earn #Payments #bitcoin #binarytrade #forex #investment #wealth


Comments

Post a Comment

Popular posts from this blog

Apple Pay is coming to eBay.

As the online marketplace moves away from its official relationship with PayPal, it is moving into new relationships with new providers. As of this fall, Apple Pay will be one of the first new options on its new payment platform, making it possible for customers to either use Apple Pay in eBay’s mobile app, or for web purchases (provided they are using Safari as Apple Pay doesn’t work with Chrome or other browsers). The Apple Pay option will roll out slowly at first — only a small group of select Marketplace customers will get to use Apple Pay in the first phase of its introduction to eBay. The goal, however, is to make the transition to their own in-house payment platform by the end of 2021. The transition marks a definitive split from PayPal. eBay formally parted ways with PayPal in 2015, when it spun out as a stand-alone firm. eBay — as their contractually mandated partnership with PayPal is drawing to a close — is now working with Amsterdam-based company Adyen to...
Post a Comment
Read more

10 ways to protect your customers' credit card data

Accepting credit cards doesn't have to be a constant exercise in paranoia about whether your customers' credit card data is safe or not. Here are 10 solutions for protecting the credit card data of your customers. 1. You can’t go it alone Like anything in life—when there's a lot on your plate, you can't manage it all without help. Card data security, fraud protection and securing your customers’ information in your store is more than a one-person job. It's everyone's job. Get everyone in your business, including your customers, thinking about card data security and fraud at the point of sale. 2. EMV installation You're probably tired of hearing about EMV and chip cards at this point, but if you don't have one, you're putting yourself and your own profits in jeopardy. Chip cards, and the EMV-enabled credit card terminals that can read them, are designed to stop fraud at the point-of-sale. A "forged" card is difficult to pa...
Post a Comment
Read more

A Robust Payment Platform

Owing to the radical evolution of Fintech companies, heightened customer expectations for value-added services, and ever-changing regulatory landscape, the prominence of payment technologies has undeniably risen to new heights. These dynamics are reinvigorating the traditional financial landscape and enabling merchants to tap into the potential benefits of nascent technologies. At the same time, moving away from conventional methods of payments is bringing unprecedented opportunities to carry out international trade for both sellers and buyers. Although the disruption in the payments landscape seems stimulating for global trades, not all ventures gain from them as stringent compliance standards often undermine the use of technologies for cross-border transactions. Enunciating the same, Casey Seow, managing director of AWEpay, mentions that the new breed of technologies is revamping the entire payments space, enabling companies to cater to the untargeted market segments. He f...
Post a Comment
Read more