  • Level 1: Merchants that process over 6 million card transactions annually.
  • Level 2: Merchants that process 1 to 6 million transactions annually.
  • Level 3: Merchants that process 20,000 to 1 million transactions annually.
  • Level 4: Merchants that process fewer than 20,000 transactions annually.

What is Level 4 PCI compliance?

Level 4 applies to merchants that process fewer than 20,000 Visa or Mastercard e-commerce transactions per year, or up to 1 million total Visa or Mastercard credit card transactions, and that have not suffered a data breach or attack that compromised card or cardholder data.

What is my PCI merchant Level?

The PCI DSS (Payment Card Industry Data Security Standard) merchant levels rank merchants by the number of transactions they process per year, broken down into four levels. The payment card industry (PCI) uses merchant levels to determine risk from fraud and to ascertain the appropriate level of security for each merchant's business.

What is Level 3 PCI compliance?

PCI Level 3 applies to merchants that handle between 20,000 and one million annual e-commerce transactions. They must complete the annual evaluation using the appropriate SAQ. This level may also require a quarterly PCI ASV scan.

What does Level 1 PCI compliance mean?

PCI DSS Compliance Levels

Level 1: Businesses that process over 6 million card transactions per year across all channels or any business that has had a data breach. Level 2: Businesses that process between 1 million and 6 million card transactions per year across all channels.

How many PCI requirements are there?


For most companies, there are 12 main PCI controls to implement. These 12 requirements, spread across six groups, make up the core of PCI DSS v3.2.

What are the 4 things that PCI DSS covers?

PCI DSS covers various things about your business, like:

  • Handling of data by your computer systems
  • Separation of program execution and data storage
  • Guarding against employee theft of data

What is a Level 3 merchant?

Level 3. Any merchant with more than 20,000 combined Mastercard and Maestro e-commerce transactions annually but less than or equal to one million total combined Mastercard and Maestro e-commerce transactions annually.

What are the 6 compliance groups for PCI DSS?

What Are The 6 Major Principles of PCI DSS?

  • Secure Network Requirements
  • Cardholder Data Requirements
  • Vulnerability Management Requirements
  • Access Control Requirements
  • Monitoring and Testing Requirements
  • Security Policies Requirements

What is PCI Service Provider Level 1?

PCI DSS Level 1 is a set of requirements designed to ensure the highest level of security for businesses that store, transmit, or process credit card data. The highest compliance level, PCI DSS Level 1, identifies any merchant who processes more than 6 million Visa transactions per year.

What is a Level 2 service provider?

Level 2 Service Provider

These are service providers that store, process, or transmit less than 300,000 credit card transactions annually.

How do I become PCI Level 1 compliant?

How Do Level 1 Merchants Comply with PCI DSS?

  1. Processes 6 million or more Visa, Mastercard, or Discover transactions annually;
  2. Processes 2.5 million or more American Express transactions annually;
  3. Processes 1 million or more JCB transactions annually;