As a business owner, it is important to understand the four levels of PCI compliance in order to protect your customers' credit card information. This article gives a comprehensive guide to the four levels of PCI compliance and what each level requires.
- Level 1: The highest level of PCI compliance, aimed at businesses that process over 6 million transactions per year. To achieve Level 1 PCI compliance, a business must complete a comprehensive security assessment and implement all required security measures.
- Level 2: The second highest level of PCI compliance, aimed at businesses that process 1 to 6 million transactions per year. To achieve Level 2 PCI compliance, a business must complete a validation of its security measures and have a written plan in place for maintaining compliance.
- Level 3: The third highest level of PCI compliance, aimed at businesses processing up to 1 million transactions per year. To achieve Level 3 PCI compliance, a business must maintain quarterly network scans by an Approved Scanning Vendor (ASV) and document the findings.
- Level 4: The lowest level of PCI compliance, aimed at businesses processing up to 20,000 transactions per year. To achieve Level 4 PCI compliance, a business must complete a Self-Assessment Questionnaire (SAQ) and document the findings.
The Four Levels of PCI Compliance Defined:
PCI stands for Payment Card Industry. The PCI compliance standards must be met by every business that processes, stores, or transmits credit card information. The level of PCI compliance your business must meet depends on the number of card transactions it processes each year.
- Level 1: For businesses that process over 6 million transactions per year
- Level 2: For businesses that process 1 to 6 million transactions per year
- Level 3: For businesses that process up to 1 million transactions per year
- Level 4: For businesses that process up to 20,000 transactions per year
PCI DSS (the Payment Card Industry Data Security Standard) is the main compliance standard that must be met by all businesses that process credit card information. PCI DSS consists of 12 requirements, divided into four main categories: Build and Maintain a Secure Network, Protect Cardholder Data, Regularly Monitor and Test Networks, and Maintain an Information Security Policy.