The PCI DSS follows common-sense steps and best practices.

From the world's largest corporations to small Internet stores, compliance with the PCI Data Security Standard (PCI DSS) is vital for all merchants who accept credit cards, online or offline.

There are the four levels of PCI compliance as mandated by the card brands Visa and Mastercard, with definitions according to the volume of credit card transactions per year.

 

All merchants will fall into one of the four merchant levels based on Visa transaction volume over a 12-month period. Transaction volume is based on the aggregate number of Visa transactions (inclusive of credit, debit and prepaid) from a merchant Doing Business As (‘DBA’).

 

 

Level 1

 

 

 

Merchants processing over 6 million Visa transactions annually (all channels) or Global merchants identified as Level 1 by any Visa region

Annual Report on Compliance (“ROC”) by Qualified Security Assessor (“QSA”) or Internal Auditor if signed by officer of the company
 
>> The internal auditor is highly recommended to obtain the PCI SSC Internal Security Assessor (“ISA”) certification
Quarterly network scan by Approved Scan Vendor (“ASV”)
Attestation of Compliance Form

 

Level 2

 

Merchants processing 1 million to 6 million Visa transactions annually (all channels)

Annual Self-Assessment Questionnaire (“SAQ”)
Quarterly network scan by ASV
Attestation of Compliance Form

 

Level 3

 

Merchants processing 20,000 to 1 million Visa e-commerce transactions annually

Annual SAQ
Quarterly network scan by ASV
Attestation of Compliance Form

 

Level 4

 

Merchants processing less than 20,000 Visa e-commerce transactions annually and all other merchants processing up to 1 million Visa transactions annually

Annual SAQ recommended
Quarterly network scan by ASV if applicable
Compliance validation requirements set by merchant bank

 

It's important to note, while the 12 PCI compliant requirements are dictated by the PCI Security Standards Council (PCI SSC), compliance is enforced by the card brands, including Visa, MasterCard, American Express, Discover and JCB International.