PCI-DSS v2.0





PCI Merchant Compliance Levels

All merchants that store, process or transmit payment cardholder data fall into one of four levels based on aggregrate Visa transaction volume over a 12-month period.

PCI Merchant Level 1:
Any merchant processing over 6,000,000 Visa transactions per year.

PCI Merchant Level 2:
Any merchant processing between 1,000,000 - 6,000,000 Visa transactions per year.

PCI Merchant Level 3:
Any merchant processing between 20,000 - 1,000,000 Visa transactions per year.

PCI Merchant Level 4:
Any merchant processing fewer than 20,000 Visa transactions per year.



Note: Any merchant whose data has been hacked into whereby account data has been compromised may be escalated to a higher validation level.

Merchants categorized as PCI compliance Levels 2,3, and 4 must also complete an annual self-assessment questionnaire (PCI SAQ) in addition to the required quarterly network vulnerability scan performed by an approved scanning vendor (ASV).