Cybertrust.com > Solutions > Compliance/Governance > PCI Compliance > PCI Merchant & Service Provider Levels
PCI Merchant & Service Provider Levels
|
|
|
| Level 1 |
More than six million V/MC transactions annually across all channels, including e-commerce |
Annual Onsite PCI Data Security Assessment and Quarterly Network Scans |
| Level 2 |
1,000,000 - 5,999,999 V/MC transactions annually |
Annual Self-Assessment and Quarterly Network Scans |
| Level 3 |
20,000 - 1,000,000 V/MC e-commerce transactions annually |
Annual Self-Assessment and Quarterly Network Scans |
| Level 4 |
Less than 20,000 V/MC e-commerce transactions annually, and all merchants across channel up to 1,000,000 VISA transactions annually |
Annual Self-Assessment and Annual Network Scans |
|
| | | | Level 1 | All VisaNet processors (member and Nonmember) and all payment gateways.*
| Annual Onsite PCI Data Security Assessment and Quarterly Network Scans | | Level 2 | Any service provider that is not in Level 1 and stores, processes, or transmits more than 1,000,000 V/MC accounts/transactions annually
| Annual Onsite PCI Data Security Assessment and Quarterly Network Scans
| | Level 3 | Any service provider that is not in Level 1 and stores, processes, or transmits fewer than 1,000,000 V/MC accounts/transactions annually.
| Annual Self-Assessment Questionnaire and Quarterly Network Scans
|
|
* Payment gateways are a category of agent or service provider that stores, processes, and/or transmits cardholder data as part of a payment transaction. Specifically, they enable payment transactions (e.g., authorization or settlement) between merchants and processors (VisaNet endpoints). Merchants may send their payment transactions directly to an endpoint, or indirectly to a payment gateway.
|
|
|
