PCI DSS Merchant Compliance Levels
The Payment Card Industry (PCI) Data Security Standards (DSS) are now required for all merchants, including:
- Retail (brick-and-mortar)
- Mail/telephone order
- e-Commerce
All major credit card associations, including Visa, MasterCard, American Express, Discover, Diners Club and JCB, endorse and require the unified PCI Data Security Standards.
Why Comply?
Both Visa and MasterCard impose fines on merchants for non-compliance. For fine information, see the Visa or MasterCard compliance regulations.
PCI Data Security Standards Summary
The following table summarizes the PCI Data Security Standards by merchant level as determined by your annual charges:
| Merchant Level | Criteria | Compliance Requirements |
|---|---|---|
| 1 | Any merchant -- regardless of acceptance channel -- processing over 6,000,000 transactions per year. CISP Compliance Deadline: June 2001 | Annual On-site Security Audit and Quarterly Network Scan |
| 2 | Any e-Commerce merchant processing 150,000 to 6,000,000 transactions per year. CISP Compliance Deadline: June 2001 | Annual PCI Self-Assessment Questionnaire and Quarterly Network Scan |
| 3 | Any e-Commerce merchant processing 20,000 to 150,000 transactions per year. CISP Compliance Deadline: June 2001 | Annual PCI Self-Assessment Questionnaire and Quarterly Network Scan |
| 4 | All other merchants, regardless of acceptance channel. CISP Compliance Deadline: June 2001 | Annual PCI Self-Assessment Questionnaire and Quarterly Network Scan |

* Note: While validation is "recommended" for Level 4 merchants the fines are identical for Level 1, 2, 3 and 4 merchants.

Additional Compliance Information
• Merchant Compliance Summary
• Service Provider Compliance
• Merchant Compliance Guide (PDF)
• More on Site Certification
Free Compliance Consultation
Call 801.705.5665 if you would like to speak to one of our Compliance Specialists about your unique situation, special considerations or custom solutions.
Merchant Compliance Guarantee
SecurityMetrics Site Certification is guaranteed. We guarantee to provide the information required for compliance.
If you require compliance information, technical assistance, additional scanning results or any other information, we will provide it at no charge to ensure you can become compliant as soon as possible.