Merchant Levels are designated by the PCI Standard as Follows:
Level 1 Merchant Selection Criteria
1. Any merchant, "regardless of acceptance channel, processing over 6,000,000 Visa transactions per year.
2. Any merchant that has suffered a hack or an attack that resulted in an account data compromise.
3. Any merchant that Visa, at its sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the Visa system.
4. Any merchant identified by any other payment card brand as
Level 1 Merchant Validation Actions
1. Annual On-Site Security Audit.
2. Quarterly Network Scan. Sign up for Free Quarterly PCI Network Scan Offer
Validation By
1. Independent Security Assessor or Internal Audit if signed by Officer of the company.
2. Qualified Independent Scan Vendor. Sign up for Free Quarterly PCI Network Scan Offer
Deadline
Merchants should have validated compliance by September 30, 2004.
Level 2 Merchant Selection Criteria
1. Any merchant-regardless of acceptance channel-processing 1,000,000 to 6,000,000 Visa transactions per year.
Level 2 Merchant Validation Actions
1. Annual PCI Self-Assessment Questionnaire. (PDF, 296kb, pcisecuritystandards.org).
2. Quarterly Network Scan. Sign up for Free Quarterly PCI Network Scan Offer
Validation By
1. Merchant.
2. Qualified Independent Scan Vendor. Sign up for Free Quarterly PCI Network Scan Offer
Validation is required no later than June 30, 2005.
Level 3 Merchant Selection Criteria
1. Any merchant processing 20,000 to 1,000,000 Visa e-commerce transactions per year.
Level 3 Merchant Validation Actions
1. Annual PCI Self-Assessment Questionnaire. (PDF 296kb, pcisecuritystandards.org).
2. Quarterly Network Scan. Sign up for Free Quarterly PCI Network Scan Offer
Validation By
1. Merchant.
2. Qualified Independent Scan Vendor. Sign up for Free Quarterly PCI Network Scan Offer
Deadline
Validation is required no later than June 30, 2005.
Level 4 Merchant Selection Criteria
Any merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants-regardless of acceptance channel-processing up to 1,000,000 Visa transactions per year.
Level 4 Merchant Validation Actions
1. Recommended Annual PCI Self-Assessment Questionnaire. (PDF 296kb, www.pcisecuritystandards.org).
2. Recommended Annual Network Scan. Sign up for Free Quarterly PCI Network Scan Offer
Validation By
1. Merchant.
2. Qualified Independent Scan Vendor. Sign up for Free Quarterly PCI Network Scan Offer
Deadline
While compliance is mandatory for Level 4 Merchants Validation is optional but strongly recommended.
