PCI DSS Levels

PCI DSS is a mandatory annual assessment and set of requirements introduced by 5 members of the PCI SSC: Visa, MasterCard, American Express, Discover and JCB.

It is enforced by all merchant acquirers in order to protect businesses and customers against credit card fraud.

Level 1: Merchants processing over 6 million card transactions per year.

Level 2: Merchants processing 1 to 6 million transactions per year.

Level 3: Merchants handling 20,000 to 1 million transactions per year.

Level 4: Merchants handling fewer than 20,000 transactions per year.

Once you understand what level merchant you are, there are two key things to understand.

A Level 1 Merchant will require an onsite audit completed by a QSA (Qualified Security Assessor) who will generally spend up to 3 months at your business doing a range of vulnerability tests.

If you would like to try the PCI process yourself, we would recommend reading through the PCI council guidance documents to see what assessment you need to undertake.

PCI V 3.2.1