PCI DSS compliance is of increasing concern to many merchants. Whether you are a
traditional "brick and mortar" merchant, an online merchant, or some combination
of the two, understanding which PCI compliance level applies to your business is
the first step in assuring that your PCI compliance audits will be as simple as
possible.
PCI Compliance Levels
Merchants fall under four categories of PCI compliance, depending on the number
of transactions they process each year, and whether those transactions are performed
from a brick and mortar location or over the Internet. Remember: all merchants that
process credit cards, whether small or large, must be PCI compliant.
Now here is where PCI compliance for merchants can get a bit tricky: each payment
card brand (Visa, MasterCard, etc.) has its own requirements and definitions of
PCI compliance levels. Even though the PCI Security Standards Council (PCI SSC)
developed these standards, compliance is actually mandated by the individual payment
card brands - Visa, MasterCard, American Express, Discover and JCB International.
To give you a general idea of how to determine your PCI compliance level, here are
Visa's PCI compliance level definitions:
Storefront merchants categorized as PCI compliance levels 2, 3, and 4 must complete
an annual self-assessment questionnaire (PCI SAQ) in addition to a required
quarterly network scan performed by an approved
scanning vendor. The nature of the questionnaires, as well as the deadlines for
reaching PCI compliance, varies slightly depending on whether the merchant falls
into PCI compliance level 2, 3, or 4, but the basic requirements remain the same.
Internet-based merchants are also divided into PCI compliance levels 1-4, with
each PCI compliance level defined by the same transaction volumes as those for "brick
and mortar" merchants. In addition, internet-based merchants at each PCI compliance
level must undergo a quarterly vulnerability scan performed by an approved scanning
vendor. Though some PCI Compliance Level 1 internet-based merchants may be able
to perform annual self-assessments (with the permission of their processor and card
brand), the vast majority of internet-based merchants will be held to these PCI
Compliance expectations.
PCI Compliance Solutions
Offering solutions that best fit your needs, Element Payment Services can dramatically
reduce your PCI Compliance burden. Whether you're a storefront merchant or an internet-based
merchant, Element's secure payment
processing system provides point-to-point encryption and off-site storage
of sensitive cardholder data (tokenization), making complying with PCI DSS easier.
If you have further questions, or would like to know more about Element's PCI Compliance
solutions, view our PCI Compliance Guide or
contact us. Our PCI compliance experts are standing by.