NDB Advisory What Is PCI? Service Providers

Important PCI Compliance Information for Service Providers

Information contained herein represents the most up to date and current statistical data obtained from all the major payment brands; Visa, MasterCard, American Express, Discover, and JCB International concerning Service Providers transaction volumes, identifying what levels a Service Provider is for purposes of compliance, along with validation requirements for each Service Provider, based on transaction volume.

VISA SERVICE PROVIDER LEVELS DEFINED

Level Canada, CEMEA, Europe, USA Asia Pacific Latin American/Caribbean

1

All VisaNet processors (member and non-member) and all payment gateways

Large: Service Providers processing over 600,000 Visa transactions annually

All VisaNet processors (member and non-member), payment gateways, and Internet Payment Service Providers regardless of transaction volume

2

Service Providers (agents) not in Level 1 that store, process, or transmit > 1 million accounts/transactions annually

Medium: Service providers processing between 120,000 and 600,000 Visa transactions annually

N/A

3

Service Providers (agents) not in Level 1 that store, process, or transmit < 1 million accounts/transactions annually

Small-Service Providers processing less than 120,000 transactions annually

N/A

AMERICAN EXPRESS, DISCOVER, JCB, AND MASTERCARD
SERVICE PROVIDER LEVELS DEFINED

Level AMEX Discover JCB MasterCard

1

All Third Party Processors (TPP)

Discover does NOT categorize Service Providers into levels. Thus, ALL Third Party Processors (TPP) and Payment Service Providers (PSPs)

All Third Party Processors (TPP)

All Third Party Processors (TPP) and all DSE's that store, transmit, or process greater than 1,000,000 total combined MasterCard and Maestro transactions annually. Additionally, all "compromised TPPs and DSEs"

2

All DSE's that store, transmit or process less than 1,000,000 total combined MasterCard and Maestro transactions annually

VISA SERVICE PROVIDER VALIDATION REQUIREMENTS DEFINED

Level Canada, Europe, USA

1

  • Annual onsite review by QSA
  • Quarterly network scan by ASV
  • Annual Self-Assessment Questionnaire
    (Canada: SAQ required and must be reviewed by QSA)

2

  • Annual onsite review by QSA
  • Quarterly network scan by ASV
  • Annual Self-Assessment Questionnaire
    (Canada: Must be reviewed by QSA)

3

  • Annual onsite review by QSA
  • Quarterly network scan by ASV
  • Annual Self-Assessment Questionnaire
    (Canada: Must be reviewed by QSA)

AMERICAN EXPRESS, DISCOVER, JCB, MASTERCARD
SERVICE PROVIDER VALIDATION REQUIREMENTS

AMEX Discover JCB MasterCard
  • Annual on-site review by QSA (or internal auditor if signed by officer of merchant company)
  • Quarterly network scan by ASV
  • Quarterly network scans by ASV AND one of the following:
    • Annual on-site review by QSA (or internal auditor if signed by officer of Service Provider)
    • Annual self-assessment questionnaire
  • TPP validation requirements will be outlined in forthcoming JCB rules and regulations
  • Level 1 SP's:Annual on-site review by QSA AND Quarterly network scan by ASV
  • Level 2 SP's:Annual self-assessment questionnaire AND Quarterly network scan

Sample image

Send us an This email address is being protected from spambots. You need JavaScript enabled to view it. or give us a call at (800) 277-5415 x705

 

Location

  • (800) 277-5415, ext. 705

 

Contact Us