


Size Matters When it Comes to PCI Compliance

Identify the right PCI requirements for your business

The Payment Card Industry Data Security Standard (PCI DSS) is a security standard developed by the major card brands (Visa®, MasterCard®, Discover®, American Express® and others) to help merchants protect credit cardholder data.  Merchants who process credit cards are required to be PCI compliant in order to protect cardholder data.  The requirements associated with maintaining PCI compliance vary depending on the size and processing method of the business.  There are four levels or “tiers” and each level has its own requirements. Read on to identify which level applies to your business, and the steps you can take to achieve compliance for your tier. 

What are the “Tiers” associated with PCI Compliance?

  1. Level 1 Merchants:

    Level 1 or Tier 1 merchants process over 6 million Visa* transactions annually through all channels (card present, card not present, ecommerce).  Also, a worldwide merchant that processes a total of 6 million transactions across all regions may cause the entire business to qualify. Merchants who are considered Tier 1 must do the following:
     
    • Complete an annual PCI DSS validation through a Qualified Security Assessor (QSA)
    • Complete a quarterly network scan by an ASV (Approved Scanning Vendor)
    • Complete the Attestation of Compliance Form
  2. Level 2 Merchants:

    Tier 2 merchants process 1 – 6 million Visa transactions annually through all channels (card present, card not present, ecommerce).  Merchants who are considered Tier 2 must do the following:
     
    • Complete an Annual Self Assessment Questionnaire (SAQ)
    • Complete a quarterly network scan by an ASV (Approved Scanning Vendor)
    • Complete the Attestation of Compliance Form
       
  3. Level 3 Merchants:

    Tier 3 merchants process 20,000 to 1 million Visa transactions annually exclusively via e-commerce processing methods.  Merchants who are considered Tier 3 must do the following:
     
    • Complete an Annual Self Assessment Questionnaire (SAQ)
    • Complete a quarterly network scan by an ASV (Approved Scanning Vendor)
    • Complete the Attestation of Compliance Form
       
  4. Level 4 Merchants:

    Tier 4 merchants process up to 1 million Visa transactions annually through all channels (card present, card not present, ecommerce) and do not process more than 20,000 Visa transactions annually exclusively via ecommerce.  Alternatively, a merchant processing fewer than 20,000 Visa transactions annually exclusively via ecommerce will qualify for Tier 4.  Merchants who are considered Tier 4 must do the following:
     
    • Complete an Annual Self-Assessment Questionnaire (SAQ)
    • Complete a quarterly network scan by an ASV (Approved Scanning Vendor)
    • Complete the Attestation of Compliance Form

How do merchants take action?

Merchants can determine where they fall in the PCI compliance tiers through their merchant services provider or the reporting tools provided by said provider.  Merchants in tiers 1-3 have more complex compliance requirements because of the size and nature of their business.  They are also considerably more likely to have internal IT and compliance teams to implement and monitor their compliance programs. Most merchants who identify as small businesses fall under the tier 4 category. While the compliance requirements may be somewhat simpler, small merchants may find it more challenging to meet them because they do not have internal IT infrastructure.  They may feel overwhelmed and unsure where to begin.

Luckily, for Tier 4 merchants, there are many products available at reasonable costs related to their business size.  While Tier 1-3 merchants may have to spend quite a lot of money on security and then pay for onsite assessments performed by a Qualified Security Assessor, Tier 4 merchants who actively use a PCI compliance service can get a similar benefit for the size of their business for pennies on the dollar.

Vantiv Integrated Payments offers Merchant SecureAssist®, a compliance assistance solution that offers the tools to help merchants achieve and maintain compliance.  This solution includes an online “wizard” that guides merchants through the compliance process one step at a time, as well as real-time point-of-sale system scans.

Contact Vantiv Integrated Payments to learn more or to get started achieving compliance today.   

*Though Visa is typically used as the illustration for PCI tiers, the level is the same across all brands and the card brands are not added together for tier placement.

Visa, MasterCard, American Express, and Discover are registered marks belonging to one or more unaffiliated third parties that do not endorse or sponsor Vantiv Integrated Payments, LLC.  

 
