Blog
Payment Card Industry Data Security Standard (PCI DSS) compliance and cybersecurity program Merchant Compliance Levels Definition
Date published:
Dec 1, 2021
No items found.
SHARE ON
SHARE ON
Both Visa and Mastercard have specific merchant category definitions for all businesses that store, process, or transmit card holder data. PCI DSS compliance requirements vary by merchant level.
Please click on the links below for full details on their respective websites:
Mastercard
Level 1
Criteria
- Any merchant having more than six million total combined Mastercard and Maestro transactions annually
- Any merchant meeting the Level 1 criteria of Visa
- Any merchant that Mastercard, in its sole discretion determines should meet the Level 1 merchant requirements to minimize risk to the system
Requirements
- Annual PCI DSS assessment resulting in the completion of a Report on Compliance (ROC)1
Level 2
Criteria
- Any merchant with more than one million but less than or equal to six million total combined Mastercard and Maestro transactions annually
- Any merchant meeting the Level 2 criteria of Visa
Requirements
- Annual Self-Assessment Questionnaire (SAQ)2
Level 3
Criteria
- Any merchant with more than 20,000 combined Mastercard and Maestro e-commerce transactions annually but less than or equal to one million total combined Mastercard and Maestro e-commerce transactions annually
- Any merchant meeting the Level 3 criteria of Visa
Requirements
- Annual Self-Assessment Questionnaire (SAQ)3
Level 4
Criteria
- All other merchants4
Requirements
- Annual Self-Assessment Questionnaire (SAQ)3
Visa
- Level 1: Merchants processing over 6 million Visa transactions annually across all channels or Global merchants identified as Level 1 by any Visa region.
- Level 2: 1 to 6 million Visa transactions annually across all channels.
- Level 3: 20,000 to 1 million Visa e-commerce transactions annually.
- Level 4: Merchants processing less than 20,000 Visa ecommerce transactions annually and all other merchants processing up to 1 million Visa transactions annually.
Related Blogs
Stay up-to-date on the latest happenings in Cybersecurity and PCI Compliance.