Compliance

Validation levels for Merchants

Visa's Cardholder Information Security Program (CISP) and Account Information Security (AIS) program, along with MasterCard's Site Data Protection (SDP) program have been aligned into the Payment Card Industry (PCI) Data Security Standard, which outlines best practices for securing credit card data that is stored, processed or transmitted.

The level of Validation Actions required of merchants to comply with PCI DSS depends on the number of transactions processed per annum, with merchants divided into four categories.

PCI Data Security Standard Compliance for Merchants

MERCHANT LEVEL 1

Selection Criteria: Any merchant (regardless of acceptance channel) processing more than 6,000,000 Visa transactions per year. Any merchant that has suffered a hack or an attack that resulted in an account data compromise. Any merchant identified by any card association as Level 1.

Validation Actions: Annual On-Site Security Audit and Quarterly Network Scan.

Validated By: Independent Security Assessor or Internal Audit if signed by an Officer of the company Qualified Independent Scan Vendor Level 1 Merchants should have validated compliance by September 30, 2004.

MERCHANT LEVEL 2

Selection Criteria: 1 million – 6 million Visa or MasterCard transactions per year.

Validation Actions: Annual PCI Self-Assessment Questionnaire and Quarterly Network Scan.

Validated By: Merchant Qualified Independent Scan Vendor. Validation is required no later than June 30, 2005.

MERCHANT LEVEL 3

Selection Criteria: 20,000 – 1 million Visa or MasterCard e-commerce transactions per year.

Validation Actions: Annual PCI Self-Assessment Questionnaire and Quarterly Network Scan.

Validated By: Merchant Qualified Independent Scan Vendor. Validation is required no later than June 30, 2005.

MERCHANT LEVEL 4

Selection Criteria: Less than 20,000 Visa or MasterCard e-commerce transactions per year, and all other merchants processing up to 1 million Visa or MasterCards transactions per year.

Validation Actions: Recommended Annual PCI Self-Assessment Questionnaire and Recommended Annual Network Scan.

Validated By: Merchant Qualified Independent Scan Vendor. Note: While compliance is mandatory for Level 4 Merchants, validation is optional but strongly recommended.

Any Questions?

Contact us for a competitive quotation and find out how PayChannel can benefit your business.

Copyright © 2010 G4S Technology. All rights reserved.