PCI DSS Requirements for Merchants | Level 1 through Level 4
July 13, 2009
PCI DSS requirements for Merchants vary based on the number of transactions an organization processes each year. There are currently four (4) Merchant levels for Payment Card Industry Data Security Standard (PCI DSS) compliance.
Note that most Merchants in Levels 2 through 4 (there are some exceptions) can self-assess using the PCI DSS Self-Assessment Questionnaires, which can be found on the official PCI DSS website (www.pcisecuritystandards.org).
Level 1 Merchants, however, must undergo an on-site PCI DSS assessment by a Qualified Security Assessor (QSA). These assessments are in-depth, technical, and time-consuming, so be prepared to spend a considerable amount of time and effort on the initial Level 1 compliance. Listed below are helpful links to the Merchant Levels, the transaction-volume thresholds, and the requirements for each Merchant level.

