This topic is always in the air so here are the official numbers for 2009 from PCI Security Standards Council the official governing body on the PCI requirements for merchants:
Facts:
- Payment Brands determine Merchant PCI levels. Payment Brands are Visa, Mastercard, Discover , Amex etc. They do have the last word on this topic
- Transaction volume is determined by Acquirer
- Transaction volume is aggregate number of transactions (chain stores do count if cards are processed centrally)
Amex
Level 1- Over 2.5 Million Amex card transactions/year, or any merchant who is Level 1 according to another Payment Brand
Action: Annual Onsite QSA or Internal Audit signed by Merchant Co, Quarterly ASV scans
Level 2- 50000-2.5Million Amex transactions/year, or any merchant who is Level 2 according to another Payment Brand
Action: EU only annual SAQ, Quarterly ASV scans
Level 3- Less than 50000 AMEX transactions/year
Action Quarterly ASV scans (recommended) , EU only SQA (recommended)
Level 4- N/A
Action: None
Discover
Level 1 - Over 6 Million Discover card transactions/year, anybody who Discover thinks that they level 1 (discretionary) or any merchant who is validated/reported as Level-1 to another Payment Brand
Action: Annual Onsite QSA or Internal Audit signed by Merchant Co, Quarterly ASV scans
Level 2- 1-6 Million Discover transactions/year, or any merchant who is validated/reported as Level-2 to another Payment Brand
Action: Annual SAQ, Quarterly ASV scans
Level 3- 20000-1 Million Discover transactions/year, or any merchant who is validated/reported as Level-3 to another Payment Brand
Action: Annual SAQ, Quarterly ASV
Level 4- Everybody else with Discover card processing
Action: Determined by Acquirer, Annual SAQ, Quarterly ASV recommended
JCB
Level 1 - Over 1 Million JCB card transactions/year or anybody who is compromised
Action: Annual Onsite QSA audit, Quarterly ASV scans
Level 2- Less than 1 Million JCB transactions/year
Action: Annual SAQ, Quarterly ASV scans
Level 3- N/A
Action: none
Level 4- N/A
Action: None
MasterCard
Level 1- Over 6 Million Mastercard card transactions/year, or any merchant who is Level 1 according to another Payment Brand or anybody who is compromised
Action: Annual Onsite QSA or Internal Audit signed by Merchant Co, Quarterly ASV scans
Level 2- 1-6 Million Mastercard transactions/year, or any merchant who is validated/reported as Level-2 to another Payment Brand
Action: Annual SAQ, Quarterly ASV scans
Level 3- 20000-1 Million Mastercard “e-commerce” transactions/year, or any merchant who is validated/reported as Level-3 to another Payment Brand
Action: Annual SAQ, Quarterly ASV
Level 4- All other Mastercard merchants
Action: Compliance validation is at discretion of acquirer: Annual SAQ, Quarterly ASV recommended
Visa Inc
Level 1- Over 6 Million Visa card transactions/year (all transactions not just e-commerce), or any global merchant who is identified as Level 1 by Visa by any Visa Region
Action: Annual Onsite QSA or Internal Audit signed by Merchant Co, Quarterly ASV scans and attestation of compliance form
Level 2- 1 Million to 6 Million Visa card transactions/year (all transactions not just e-commerce),
Action: Annual SAQ, Quarterly ASV scans and attestation of compliance form
Level 3- 20000-1 Million Visa “e-commerce” transactions/year
Action: Action: Annual SAQ (In Canada SAQs require QSA reviews), Quarterly ASV
Level 4- Merchants processing less than 20000 e-commerce transactions/year or merchants processing up to 1M any channel Visa transactions/year
Action: Compliance validation is at discretion of acquirer: Annual SAQ, Quarterly ASV recommended
Visa
Level 1- Over 6 Million Visa card transactions/year (all transactions not just e-commerce), or compromised merchants
Action: Annual Onsite QSA or Internal Audit signed by Merchant Co, Quarterly ASV scans and attestation of compliance form
Level 2- 1 Million to 6 Million Visa card transactions/year (all transactions not just e-commerce),
Action: Annual SAQ, Quarterly ASV scans and attestation of compliance form
Level 3- 1 (one) to 1 Million Visa “e-commerce” transactions/year
Action: Annual SAQ, Quarterly ASV or use PCI DSS certified processor for all transactions
Level 4- Merchants processing up to 1 Million any channel Visa transactions/year
Action: Compliance validation is at discretion of acquirer: Annual SAQ, Quarterly ASV recommended
Of course all parties who process store or transmit credit cards must follow PCI requirements (PCI-DSS) regardless of their levels.
I will cover reporting requirements for merchants in another post.
1 comment:
Hi !.
You may , perhaps curious to know how one can collect a huge starting capital .
There is no need to invest much at first. You may commense to get income with as small sum of money as 20-100 dollars.
AimTrust is what you need
AimTrust incorporates an offshore structure with advanced asset management technologies in production and delivery of pipes for oil and gas.
It is based in Panama with affiliates around the world.
Do you want to become a happy investor?
That`s your choice That`s what you really need!
I feel good, I began to take up income with the help of this company,
and I invite you to do the same. If it gets down to choose a proper companion who uses your savings in a right way - that`s the AimTrust!.
I make 2G daily, and my first deposit was 1 grand only!
It`s easy to start , just click this link http://sikebofof.o-f.com/igafyz.html
and go! Let`s take this option together to become rich
Post a Comment