PCI Compliance

PCI Compliance Merchant ‘Levels’ Explained

All merchants, small or large, need to be PCI Compliant. The payment brands (Visa, MasterCard, American Express, Discover, and JCB) have collaboratively adopted PCI DSS as the requirement for organizations and businesses that process, store or transmit credit card data. There are four merchant levels of PCI compliancy, and the level a merchant falls under is based on its volume of Visa transactions over a 12-month period. Transaction volume is based on the aggregated volume of Visa transactions – credit, debit, and pre-paid – from a merchant Doing Business As (‘DBA’).

A merchant corporation can have more than one DBA and, in such cases, Visa acquirers consider the aggregate volume of transactions stored, processed or transmitted by the overall corporate entity in order to determine its merchant validation level. The four merchant levels of PCI Compliancy, as defined by Visa, are explained below.

Merchant Level 1

Merchant Level 1 includes all merchants – regardless of acceptance channel – processing over 6 million Visa transactions a year. At its sole discretion, Visa determines which merchants meet Level 1 merchant requirements, in order to minimize the risk to the Visa system.

Merchant Level 2

Merchant Level 2 includes any merchant – regardless of acceptance channel – processing 1 million to 6 million Visa transactions per year.

Merchant Level 3

Merchants processing 20,000 to 1 million Visa e-commerce transactions per year are considered validation level 3.

Merchant Level 4

Any merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants – regardless of acceptance channel – processing up to 1 million Visa transactions per year, are considered validation level 4.

Any merchant that may have suffered a hack that compromised account data may be escalated to a higher validation level. This escalation is determined and enforced by the PCI DSS.

Some merchants believe that having an SSL certificate translates to being PCI Compliant, but it does not. SSL certificates do not secure a Web server from malicious attacks or hacks. High assurance SSL certificates provide only the first tier of customer security and reassurance, but there are other steps to achieving PCI Compliance.

PCI Compliance is mandatory, and if you are non-compliant, it could cost you up to 70 percent of your revenue in fines. If you are in need of credit card processing or merchant services that will ensure your PCI Compliance, call Veritrans now. Veritrans has the credit card processing services your business needs, plus superior quality service and no hidden fees. Guaranteed. Veritrans offers retail, wireless, online, and MOTO processing for all types of major brand cards: Visa, MasterCard, American Express, Discover, JCB (Japan’s Credit Card), PIN-based debit cards and EBT (food stamps) cards. Even if you already have an account somewhere else, call Veritrans for a free and confidential analysis of your current contract and fees. No matter your situation, we will help you understand and walk you through our cost-effective card processing service solutions.

Is Your Business PCI Compliant?

If your business or organization accepts credit cards as payment, the following information is essential to legal and efficient operation within the United States. PCI compliancy is mandatory and, if you aren’t yet compliant, you must become compliant now. If you choose to ignore PCI compliancy, it will cost you not only thousands of dollars in fines, but your entire business itself. Is your business PCI compliant?

What is PCI?

On September 7, 2006, the Payment Card Industry Security Standards Council (PCI SSC) was launched to manage the ongoing evolution of the Payment Card Industry (PCI) security standards, focusing primarily on security for payment accounts throughout the payment process. The PCI SSC was created by the major credit card brands Visa, MasterCard, American Express, Discover, and JCB, and it administers and manages the PCI DSS.

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that all companies that process, store, or transmit credit card information maintain a secure environment. Essentially this encompasses any merchant that has a Merchant ID (MID).

To Whom Does PCI Apply?

PCI Compliance applies to all businesses, organizations or merchants, regardless of size or number of transactions, that accept, transmit or store any credit cardholder data. Simply put, if any customer ever pays a business or merchant directly with a credit card, then the PCI DSS requirements apply.

Even if you only accept credit cards over the phone, PCI Compliance is still applicable. Debit and pre-paid cards that are branded with one of the five card brands also fall within the scope of cards required by the PCI SSC to meet their requirements.

What Are the Consequences?

If your business or organization is deemed non-compliant, you and your merchant bank may accrue very stiff fines and penalties. The credit card brands may, at their own discretion, fine you $5,000 to $100,000 per month for PCI compliance violations. Penalties are not openly discussed, but they can absolutely devastate a small- or medium-sized business.

Most small- to medium-sized businesses go through banks to set up their credit card processing services. If your business is within this scope, it is incredibly important to be familiar with your merchant account agreement, which should outline your exposure to penalties and fines.