Important PCI Compliance Information for Merchants

Information contained herein represents the most up to date and current statistical data obtained from all the major payment brands; Visa, MasterCard, American Express, Discover, and JCB International concerning merchant transaction volumes, identifying what levels a merchant is for purposes of compliance, along with validation requirements for each merchant, based on transaction volume.

ABOUT VISA MERCHANT REQUIREMENTS

As defined by VISA:

All merchants will fall into one of the four merchant levels based on Visa transaction volume over a 12-month period. Transaction volume is based on the aggregate number of Visa transactions (inclusive of credit, debit and prepaid) from a merchant Doing Business As ("DBA"). In cases where a merchant corporation has more than one DBA, members must consider the aggregate volume of transactions stored, processed or transmitted by the corporate entity to determine the validation level. If data is not aggregated, such that the corporate entity does not store, process or transmit cardholder data on behalf of multiple DBAs, members will continue to consider the DBA’s individual transaction volume to determine the validation level.

VISA MERCHANT LEVELS DEFINED

LevelDescription

1

Any merchant-regardless of acceptance channel-processing over 6,000,000 Visa transactions per year.

Any merchant that Visa, at its sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the Visa system.

2

Any merchant-regardless of acceptance channel-processing 1,000,000 to 6,000,000 Visa transactions per year.

3

Any merchant processing 20,000 to 1,000,000 Visa e-commerce transactions per year.

4

Any merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants-regardless of acceptance channel-processing up to 1,000,000 Visa transactions per year.

Source: http://usa.visa.com/merchants/risk_management/cisp_merchants.html

AMERICAN EXPRESS, DISCOVER, JCB, MASTERCARD MERCHANT LEVELS DEFINED

LevelAMEXDiscoverJCBMasterCard

1

Merchants processing over 2.5 million American Express Card transactions annually or any merchant that American Express otherwise deems a Level 1

Merchants are currently not categorized into levels based on transaction volume. Discover takes a "risk based approach" for validating compliance.

Merchants processing over 1 million JCB transactions annually, or compromised merchants

Merchants processing over 6 million MasterCard transactions annually, identified b another payment card brand as Level 1, or merchants that have experienced an account data compromise

2

Merchants providing 50,000 to 2.5 million American Express transactions annually or any merchant that American Express otherwise deems Level 2

Merchants processing less than 1 million JCB transactions annually

Merchants processing 1 million to 6 million MasterCard transactions annually

3

Merchants processing less than 50,000 American Express transactions annually

N/A

Merchants processing 20,000 to 1 million MasterCard e-commerce transactions annually

4

N/A

N/A

All other MasterCard Merchants

VISA, AMERICAN EXPRESS, DISCOVER, JCB, MASTERCARD
MERCHANT VALIDATION REQUIREMENTS DEFINED

LevelAMEXDiscoverJCBMasterCardVisa

1

Annual onsite review by QSA (PCI DSS Assessment) and Quarterly Network Scan by ASV

Quarterly Network Scan by ASV AND one of the following:

  • Annual onsite review by QSA-PCI DSS Assessment
  • Annual Self Assessment Questionnaire

Annual onsite review by QSA (PCI DSS Assessment) and Quarterly Network Scan by ASV

2

Quarterly Network Scan by ASV

Annual Self Assessment Questionnaire and Quarterly Network Scan by ASV

3

Quarterly Network Scan by ASV

Quarterly Network Scan by ASV AND one of the following:

  • Annual onsite review by QSA-PCI DSS Assessment
  • Annual Self Assessment

N/A

Annual Self Assessment Questionnaire and Quarterly Network Scan by ASV

4

Quarterly Network Scan by ASV

N/A

Annual Self Assessment Questionnaire and Quarterly Network Scan by ASV

Author: Charles Denyer

Sample image

Send us an This email address is being protected from spambots. You need JavaScript enabled to view it. or give us a call at (800) 277-5415 x705

 

Location

  • (800) 277-5415, ext. 705
PCI DSS Compliance Experts

 

Contact Us