My Merchant Account Blog
Breaking Down the Levels of PCI DSS
Tuesday, December 02, 2008
The Payment Card Industry Data Security Standard (PCI DSS) helps to ensure that cardholder data is secure, whether in processing the transaction or storing the credit card number. PCI has been around for quite a few years, but now more and more merchants are hearing about it.PCI DSS Merchant Levels
Merchants are divided into four categories:- Level One: Processing more than six million transactions per year or has had a security breach with cardholder data compromised
- Level Two: Processing less than six million but more than 150,000 per year
- Level Three: Processing less than 150,000 but more than 20,000 transactions per year
- Level Four: Processing less than 20,000 transactions per year
Level One Merchants
Compliance validation has been required for merchants that process over 6 million (Visa) transactions a year since September 30, 2004. MasterCard required Level One merchants be compliant by June 30, 2005. An on-site security audit is also required annually with a network scan every quarter.Level Two Merchants
Visa required Level Two merchants be PCI compliant by September 20, 2007. MasterCard is requiring the Level Two merchants be compliant by December 31, 2008.Level Three Merchants
Both Visa and MasterCard required Level Three merchants to be compliant by June 30, 2005.Level Four Merchants
There is no set date for Level Four merchants. This is determined by your merchant account provider or the acquiring bank. However, if you are not compliant and a breach occurs, you can be fined $500,000 or more by the card associations. If you are compliant and compromised, those fees might be waived or reduced. It would be in your best interest to become compliant if you have not already.PCI DSS Version 1.2
Beginning on October 1, 2008, the PCI Security Standards Council released version 1.2 (see summary of PCI changes). You can review the Self-Assessment Questionnaire A and Attestation of Compliance to help you get started. Typically, Levels Two, Three, and Four Merchants will need to complete this Questionnaire.
Comments
Search My Merchant Account Blog
My Merchant Account Blog Categories
- Chargebacks (8)
- Electronic Payment Gateways (6)
- In The News (6)
- LinkPoint Gateway (4)
- Merchant Accounts (32)
- Miscellaneous (17)
- PCI DSS (12)
- Quantum Gateway (8)
- Security (8)
- Web Hosting and Design (5)
My Merchant Account Blog Archives
- January 2010
- December 2009
- September 2009
- August 2009
- May 2009
- April 2009
- January 2009
- December 2008
- September 2008
- April 2008
- March 2008
- January 2008
- December 2007
- November 2007
- October 2007
- September 2007
- August 2007
- July 2007
- June 2007
- May 2007
- April 2007
- March 2007
- February 2007
- January 2007
- December 2006
- November 2006
- October 2006
- August 2006
- July 2006
- June 2006
- May 2006
- April 2006
- March 2006
- February 2006
- January 2006
- December 2005
My Merchant Account Blog Recent Entries
- Reducing Fraudulent Transactions in ECommerce with the Quantum Gateway
- Vetting the Transaction - More Options
- Vetting the Transaction - Verified by Visa and MasterCard Secure Code
- Vetting the Transaction - Card Verification Value or Card Identification Number
- Card Verification Value - Card Verification Code - Card Identification Number
- Vetting the Transaction - GeoIP
- Vetting the Transaction - Calling Your Customer
- Vetting the Transaction - Address Verification Service
- First Data Might Be Over Charging Merchants
- Alternative Merchant Account Reseller for LinkPoint - YourPay - First Data Global Gateway
Toll Free Fax Numbers
Get a Toll Free Fax Number - Easy Set-Up
Merchant Account
Resources Directory
Check out the new
Merchant Account Resources Directory
Feel Free to submit you link!