Merchant level tiers are based on their total transaction volume over a 12-month period. Identifying which level fits your business determines the requirements to validate for PCI DSS compliance.
PCI DSS Compliance Levels
Level 4 Merchant
Merchant processing less than 20,000 Visa e-commerce transactions annually and all other merchants processing up to 1 million Visa transactions annually.
- Self-Assessment Questionnaire (SAQ)
- Attestation of Compliance (AOC)
- Proof of Quarterly network scan by and Approved Scan Vendor (ASV)
Level 3 Merchant
20,000 to 1 million e-commerce Visa transactions annually.
- Self-Assessment Questionnaire (SAQ)
- Attestation of Compliance (AOC)
- Proof of Quarterly network scan by and Approved Scan Vendor (ASV)
Level 2 Merchant
1 to 6 million Visa transactions annually across all channels.
- Self-Assessment Questionnaire (SAQ)
- Attestation of Compliance (AOC)
- Proof of Quarterly network scan by and Approved Scan Vendor (ASV)
Level 1 Merchant
Merchant processing over 6 million Visa transactions annually or Global merchants identified as level 1 by any Visa region.
- File a Report on Compliance ("ROC") by Qualified Security Assessor ("QSA")” or Internal
- Auditor if signed by officer of the company. We recommend the internal auditor obtain the
- PCI SSC Internal Security Assessor ("ISA") certification.
- Submit an Attestation of Compliance ("AOC") Form
- Proof of a quarterly network scan by an Approved Scan Vendor ("ASV")
If you are unsure which level your business belongs to, please contact support@zumrails.com for assistace.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article