Contact us to switch to Element and learn how cost-effective, PCI-DSS compliant payment processing can be. A program representative will contact you within 48 hours.

Several factors determine which PCI DSS compliance level you fall into, and the specific requirements you must meet.

We were always worried about security, but until we began working with Element we never understood what PCI DSS was, or what we needed to do to comply with it. The experts at Element walked us through the entire process."

– Mark Sturman, Massage Envy Franchise Owner

PCI DSS compliance is of increasing concern to many merchants. Whether you are a traditional "brick and mortar" merchant, an online merchant, or some combination of the two, understanding which PCI compliance level applies to your business is the first step in assuring that your PCI compliance audits will be as simple as possible.

PCI Compliance Levels

Merchants fall under four categories of PCI compliance, depending on the number of transactions they process each year, and whether those transactions are performed from a brick and mortar location or over the Internet. Remember: all merchants that process credit cards―whether small or large―must be PCI compliant.

Now here is where PCI compliance for merchants can get a bit tricky: each payment card brand (Visa, MasterCard, etc.) has their own requirements and definitions of PCI compliance levels. Even though the PCI Security Standards Council (PCI SSC) developed these standards, compliance is actually mandated by the individual payment card brands - Visa, MasterCard, American Express, Discover and JCB International.

To give you a general idea of how to determine your PCI compliance level, here are Visa's PCI compliance level definitions:

PCI Compliance Level 1 - Merchants processing over 6 million Visa transactions annually (all channels) or Global merchants identified as Level 1 by any Visa region
PCI Compliance Level 2 - Merchants processing 1 million to 6 million Visa transactions annually (all channels)
PCI Compliance Level 3 - Merchants processing 20,000 to 1 million Visa e-commerce transactions annually
PCI Compliance Level 4 - Merchants processing less than 20,000 Visa e-commerce transactions annually and all other merchants processing up to 1 million Visa transactions annually

Storefront merchants categorized as PCI compliance levels 2,3, and 4 must complete an annual self-assessment questionnaire (PCI SAQ) in addition to a required quarterly network scan performed by an approved scanning vendor. The nature of the questionnaires, as well as the deadlines for reaching PCI compliance, varies slightly depending on whether the merchant falls into PCI Compliance level 2, 3, or 4, but the basic requirements remain the same.

Internet-based merchants are also divided into PCI compliance levels 1- 4, with each PCI compliance level defined by the same transaction volumes as those for "brick and mortar" merchants. In addition, internet-based merchants at each PCI Compliance level must undergo a quarterly vulnerability scan performed by an approved scanning vendor. Though some PCI Compliance Level 1 internet-based merchants may be able to perform annual self-assessments (with the permission of their processor and card brand), the vast majority of internet-based merchants will be held to these PCI Compliance expectations.

PCI Compliance Solutions

Offering solutions that best fit your needs, Element Payment Services can dramatically reduce your PCI Compliance burden. Whether you're a storefront merchant or an internet-based merchant, Element's secure payment processing system provides point-to-point encryption and off-site storage of sensitive cardholder data (tokenization), making complying with PCI DSS easier.

If you have further questions, or would like to know more about Element's PCI Compliance solutions, view our PCI Compliance Guide or contact us. Our PCI compliance experts are standing by.

Website updated on: 2/22/2012

About Element | Contact Element | Sitemap | Terms and Conditions | 1.866.435.3636 x721