The Payment Card Industry defines four merchant levels based on the number of transactions per year with a single card issuer and prior history. The table below shows the level requirements and auditing requirements.
|Merchant Level||e-Commerce Transactions /year||Non e-Commerce Transactions /year||Validation Action||Validated By|
|1||6,000,000+||6,000,000+||Annual on-site PCI Assessment||Qualified Security Assessor OR Internal Audit if signed by company officer|
|2||1,000,000-5,999,999||1,000,000-5,999,999||Annual PCI Self-Assessment||Merchant|
|3||20,000-999,999||Not Applicable||Annual PCI Self-Assessment||Merchant|
|4||1-19,999||1-999,999||Annual PCI Self-Assessment||Merchant|
In addition to the above validation requirements, a quarterly network scan by an approved scanning vendor is required. This may not apply to all merchants. Contact Daly Realism for details.
Each of the limits apply separately to each card issuer. It is possible to be level 3 for one issuer and level 4 or another. At each issuers discresion, an issuer may require a merchant to go to a higher (smaller number) level.
Daly Realism focuses on providing services to Merchants in levels 2-4.