Posted 4.11.19
by Owen
References
Levels

of PCI Compliance

Do you know what level your business falls under to meet PCI compliance? While the 12 PCI compliant requirements are dictated by the PCI Security Standards Council (PCI SSC), compliance is enforced by the credit card issuer companies, including Visa, MasterCard, American Express, Discover and JCB International.

We’ve just launched our latest white paper on PCI Compliance!

This white paper is ideal for executives and IT decision-makers seeking a primer as well as up-to-date information regarding PCI compliance best practices and specific technology recommendations, including cloud-based PCI compliant hosting options.

Download the PCI Compliance white paper.

Read below for an excerpt about what PCI compliance is:

These are the four levels of PCI compliance as mandated by the card issuers Visa and Mastercard, with definitions according to the volume of credit card transactions per year:

  • PCI Compliance Level 1
    Over 6 million Visa and/or Mastercard transactions processed per year
  • PCI Compliance Level 2
    1 million to 6 million Visa and/or Mastercard transactions processed per year
  • PCI Compliance Level 3
    20,000 to 1 million Visa and/or Mastercard e-commerce transactions processed per year
  • PCI Compliance Level 4
    Less than 20,000 Visa and/or Mastercard e-commerce transactions processed per year all other companies that process up to 1 million Visa transactions per year

What do these levels of PCI compliance mean?
Companies that meet Level 1 must have yearly on-site reviews by an internal auditor and a required network scan by an approved scanning vendor. A full list of approved scanning vendors (ASV) and contact information is available online from the PCI Security Standards Council.

Any companies that meet PCI compliance Levels 2, 3 or 4 must complete the PCI DSS Self Assessment Questionnaire annually and undergo quarterly network security scans with an approved scanning vendor.

What happens if you breach a PCI compliance level requirement? 
Visa makes your life a bit harder by reserving the right to change your level standards to a stricter level, regardless of the number of transactions processed per year. For example, if you are classified as meeting Level 4 compliance, you must now abide by Level 1 requirements.

Working with a PCI compliant hosting provider can help you understand where your company currently stands and how to meet PCI compliant level requirements. Otava offers cloud, disaster recovery and colocation solutions that are compliant with PCI, HIPAA, SOC 2, ISO 27001 and EU-US Privacy Shield regulations.

Additional Resources

How to maintain PCI DSS compliance: The Payment Card Industry Data Security Standard (PCI DSS) is required for any organization that processes, stores, or handles transactional financial data. However, just because a company meets the PCI standards once doesn’t mean it’s permanently compliant. So if organizations claim PCI compliance, why is it so hard for them to maintain it? (Keep Reading)

What is PCI Compliance? The Payment Card Industry Data Security Standard (PCI DSS) applies to companies of any size that accept credit card payments. If your company intends to accept card payment… (Keep Reading)

PCI Glossary of Terms: Brush up on basic PCI, cloud and hosting-related terms you need to understand about PCI compliance… (Keep Reading)

About Otava

Otava provides secure, compliant hybrid cloud solutions for service providers, channel partners and enterprise clients. By actively aggregating best-of-breed cloud companies and investing in people, tools, and processes, Otava’s global footprint continues to expand. The company provides its customers with a clear path to transformation through its highly effective solutions and broad portfolio of hybrid clouddata protectiondisaster recoverysecurity and colocation services, all championed by its exceptional support team. Learn more at www.otava.com.

Get started with Otava now!

  • This field is for validation purposes and should be left unchanged.