We were always worried about security, but until we began working with Element we never understood what PCI DSS was, or what we needed to do to comply with it. The experts at Element walked us through the entire process."

Mark Sturman, Massage Envy Franchise Owner

PCI DSS compliance is of increasing concern to many merchants. Whether you are a traditional "brick and mortar" merchant, an online merchant, or some combination of the two, understanding which PCI compliance level applies to your business is the first step in assuring that your PCI compliance audits will be as simple as possible.

PCI Compliance Levels

Merchants fall under four categories of PCI compliance, depending on the number of transactions they process each year, and whether those transactions are performed from a brick and mortar location or over the Internet. Remember: all merchants that process credit cards―whether small or large―must be PCI compliant.

Now here is where PCI compliance for merchants can get a bit tricky: each payment card brand (Visa, MasterCard, etc.) has their own requirements and definitions of PCI compliance levels. Even though the PCI Security Standards Council (PCI SSC) developed these standards, compliance is actually mandated by the individual payment card brands - Visa, MasterCard, American Express, Discover and JCB International.

To give you a general idea of how to determine your PCI compliance level, here are Visa's PCI compliance level definitions:

Storefront merchants categorized as PCI compliance levels 2,3, and 4 must complete an annual self-assessment questionnaire (PCI SAQ) in addition to a required quarterly network scan performed by an approved scanning vendor. The nature of the questionnaires, as well as the deadlines for reaching PCI compliance, varies slightly depending on whether the merchant falls into PCI Compliance level 2, 3, or 4, but the basic requirements remain the same.

Internet-based merchants are also divided into PCI compliance levels 1- 4, with each PCI compliance level defined by the same transaction volumes as those for "brick and mortar" merchants. In addition, internet-based merchants at each PCI Compliance level must undergo a quarterly vulnerability scan performed by an approved scanning vendor. Though some PCI Compliance Level 1 internet-based merchants may be able to perform annual self-assessments (with the permission of their processor and card brand), the vast majority of internet-based merchants will be held to these PCI Compliance expectations.

PCI Compliance Solutions

Offering solutions that best fit your needs, Element Payment Services can dramatically reduce your PCI Compliance burden. Whether you're a storefront merchant or an internet-based merchant, Element's secure payment processing system provides point-to-point encryption and off-site storage of sensitive cardholder data (tokenization), making complying with PCI DSS easier.

If you have further questions, or would like to know more about Element's PCI Compliance solutions, view our PCI Compliance Guide or contact us. Our PCI compliance experts are standing by.

  Please complete the information below to access the PCI Compliance Guides. Element does not share information with third parties. (Fields Marked (*) are required)  
First Name: *
Last Name: *
Company: *
Company Website: 
Email Address: *
Phone: *
  Choose which guide(s) you would like to download: *

Comments: *

Please type the two words below in the box provided: *
Home | About Us | Contact Us | Investor Relations | Career Opportunities | Privacy Policy | Sitemap | Blog

Element Payment Services | 

Ease the PCI Compliance burden with Element Payment Service’s fully integrated payment processing solutions
500 North Juniper Drive, Suite 100 Chandler, AZ
 |  Phone: 866-435-3636
Element Payment Services, Inc., a Vantiv Company, is a registered ISO/MSP of Fifth Third Bank, Cincinnati, OH. |  © 2014 Element Payment Services, Inc.