PL EN

Levels

pp56 Merchant Levels:
Level Criteria Requirements Validation
pp61
  • Merchant processing over 6 milion transactions annually
  • Merchant that suffered a security breach, resulting in an account compromise
  • Individual payment brand decision
  • On-site Annual Security Audit
  • Quarterly Network Scan
  • QSA or ISA
  • ASV
pp62
  • Merchant processing 1 mln to 6 milion transactions annually
  • Annual SAQ
  • Quarterly Network Scan

 

  • ASV
pp63
  • Merchant processing over 20000 to 1 milion e-commerce transaction annually
  • Annual SAQ
  • Quarterly Network Scan
  • ASV
pp64
  • Merchant processing less than 20000 to 1 milion e-commerce transaction annually
  • all other merchants processing up to 1 milion transactions annually
  • Annual SAQ
  • Quarterly Network Scan
  • ASV

 

pp67 Service Providers Levels:
Level Criteria Requirements Validation
pp61

  • All Third Party Processors (TPPs)

  • All Data Storage Entities (DSE) with more than 300 000 total combined MC/Visa transactions annually
  • On-site Annual Security Audit
  • Quarterly Network Scan
  • QSA
  • ASV
pp62
  • All DSE’s with 300,000 or less combined MC/Visa transactions annually
  • Annual SAQ
  • Quarterly Network Scan
  • ASV

 

All organizations/business units eligible to ASV or QSA audits are required to validate their compliance using independent, PCI SSC authorized companies/vendors (list available on PCI DSS website).