PCI Levels

Level 1

Merchants that handle:

  • 6 million+ Visa, Mastercard, or Discover transactions per year
  • 2.5 million+ American Express transactions per year
  • 1 million+ JCB transactions per year

Merchants that have suffered a data breach or cyberattack resulting in compromised cardholder data or that have been identified by a card issuer as Level 1.

Requirements

  • Annual Report on compliance (ROC) by a Qualified Security Assessor (QSA)
  • Quarterly network scan by an Approved Scan Vendor (ASV)
  • Attestation of Compliance Form

Level 2

Merchants that handle:

  • 1-6 million Visa, Mastercard, or Discover transactions per year
  • 50,000 -2.5 million American Express transactions per year
  • Less than 1 million JCB transactions per year

Requirements

  • Annual Self-Assessment Questionnaire (SAQ)
  • Quarterly network scan by an Approved Scan Vendor (ASV)
  • Attestation of Compliance Form

Level 3

Merchants that handle:

  • 20,000 – 1 million Visa e-commerce transactions per year
  • 20,000 + Mastercard e-commerce transactions per year, and up to 1 million
  • 20,000 – 1 million Discover card-not-present transactions per year
  • Less than 50,000 American Express transactions per year

Requirements

  • Annual Self-Assessment Questionnaire (SAQ)
  • Quarterly network scan by an Approved Scan Vendor (ASV)
  • Attestation of Compliance Form

Level 4

Merchants that handle:

  • less than 20,000 Visa or Mastercard e-commerce transactions per year
  • Up to 1 million Visa or Mastercard transactions per yea

Requirements

  • Established by the merchant’s acquiring bank
  • Usually include an SAQ and Quarterly Network Scan by an ASV

More than Compliance Readiness

Columbia Advisory Group’s managed compliance services will not only take you through the compliance readiness process but also ensures your organizations abides by regulatory requirements, certification bodies in preparation for third-party audits against security standards and cyber-insurance renewals.

Columbia Advisory group delivers unified security & compliance reporting that allows your business to track its readiness against any security or risk-based standard in real time.

Ready to Talk with an Expert?

Learn how we align our exceptional experience as a leading IT Managed Service Provider to bring measurable benefits to your organization

Case Studies