{"id":1739,"date":"2012-01-19T00:00:00","date_gmt":"2012-01-19T00:00:00","guid":{"rendered":"http:\/\/otava.test\/guide-to-pci-compliance-levels-merchant-types\/"},"modified":"2012-01-19T00:00:00","modified_gmt":"2012-01-19T00:00:00","slug":"guide-to-pci-compliance-levels-merchant-types","status":"publish","type":"post","link":"https:\/\/www.otava.com\/blog\/guide-to-pci-compliance-levels-merchant-types\/","title":{"rendered":"Guide to PCI Compliance Levels & Merchant Types"},"content":{"rendered":"

Do you know what level of PCI (Payment Card Industry<\/a>) compliance your company falls under? Or even what merchant type best categorizes your payment process?<\/p>\n

Here\u2019s your guide to the four different levels of PCI compliance<\/a><\/strong> as mandated by the major payment card brands, Visa and Mastercard, as well as action items for each:<\/p>\n\n\n\n\n\n\n
\n

Level 1<\/strong><\/p>\n<\/td>\n

Over 6 million Visa and\/or Mastercard transactions processed per year. Requires yearly on-site reviews by an internal auditor, and a network scan by an approved scanning vendor<\/a>\u00a0(ASV).<\/td>\n<\/tr>\n
\n

Level 2<\/strong><\/p>\n<\/td>\n

1 million to 6 million Visa and\/or Mastercard transactions processed per year. Must complete a Self-Assessment Questionnaire (SAQ) annually, and requires a network scan with an approved scanning vendor.<\/td>\n<\/tr>\n
\n

Level 3<\/strong><\/p>\n<\/td>\n

20,000 to 1 million Visa and\/or Mastercard e-commerce transactions processed per year. Must complete a Self-Assessment Questionnaire (SAQ) annually, and requires a network scan with an approved scanning vendor.<\/td>\n<\/tr>\n
\n

Level 4<\/strong><\/p>\n<\/td>\n

Less than 20,000 Visa and\/or Mastercard e-commerce transactions processed per year all other companies that process up to 1 million Visa transactions per year. Must complete a Self-Assessment Questionnaire (SAQ) annually, and requires a network scan with an approved scanning vendor.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Now, how do you know which SAQ (Self-Asssessment Questionnaire)<\/strong>\u00a0to fill out? Find which merchant type best fits your company profile:<\/p>\n\n\n\n\n\n\n\n
\n

A<\/strong><\/p>\n<\/td>\n

E-commerce, mail or telephone order merchants that do not store cardholder data<\/a>\u00a0(CD). All cardholder data functions are outsourced. This does not include face-to-face merchants.<\/td>\n<\/tr>\n
\n

B<\/strong><\/p>\n<\/td>\n

Merchants that do not store electronic cardholder data. Instead, this applies to merchants that use an imprint machine to copy cardholder information. Also applies to standalone, dial-out terminal merchants.<\/td>\n<\/tr>\n
\n

C-VT<\/strong><\/p>\n<\/td>\n

Web-based virtual terminal merchants that do not store electronic cardholder data.<\/td>\n<\/tr>\n
\n

C<\/strong><\/p>\n<\/td>\n

Merchants that use a payment application system<\/a> connected to the Internet and do not store electronic cardholder data. If using a software vendor for the payment application system, they must take security measures to ensure the app meets PCI compliance.<\/td>\n<\/tr>\n
\n

D<\/strong><\/p>\n<\/td>\n

This includes all of the other merchants that aren\u2019t included in the above categories, including all service providers defined as eligible to complete a SAQ and approved by a payment brand.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

You’ve narrowed down what level and type of merchant you are, so now what?\u00a0Read up about the 12 requirements to meet PCI Compliance with\u00a0What is PCI Compliance?<\/a>\u00a0or watch a webinar on the detailed requirements<\/a> of PCI compliance.<\/p>\n

References:
\nPayment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire<\/a>
\n Levels of PCI Compliance<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Do you know what level of PCI (Payment Card Industry) compliance your company falls under? Or even what merchant type best categorizes your payment process? Here\u2019s your guide to the four different levels of PCI compliance as mandated by the major payment card brands, Visa and Mastercard, as well as action items for each: Level 1 Over 6 million Visa and\/or Mastercard transactions processed per year. Requires yearly on-site reviews by an internal auditor, and a network scan by an approved scanning vendor\u00a0(ASV). Level 2 1 million to 6 million Visa and\/or Mastercard transactions processed per year. Must complete a Self-Assessment Questionnaire (SAQ) annually, and requires a network scan with an approved scanning vendor. Level 3 20,000 to 1 million Visa and\/or Mastercard e-commerce transactions processed per year. Must complete a Self-Assessment Questionnaire (SAQ) annually, and requires a network scan with an approved scanning vendor. Level 4 Less than 20,000 Visa and\/or Mastercard e-commerce transactions processed per year all other companies that process up to 1 million Visa transactions per year. Must complete a Self-Assessment Questionnaire (SAQ) annually, and requires a network scan with an approved scanning vendor. Now, how do you know which SAQ (Self-Asssessment Questionnaire)\u00a0to fill out? Find…<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"other_category":[],"class_list":["post-1739","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"acf":[],"yoast_head":"\nGuide to PCI Compliance Levels & Merchant Types | OTAVA<\/title>\n<meta name=\"description\" content=\"Here\u2019s your guide to the four different levels of PCI compliance as mandated by the major payment card brands.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.otava.com\/blog\/guide-to-pci-compliance-levels-merchant-types\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Guide to PCI Compliance Levels & Merchant Types\" \/>\n<meta property=\"og:description\" content=\"Here\u2019s your guide to the four different levels of PCI compliance as mandated by the major payment card brands.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.otava.com\/blog\/guide-to-pci-compliance-levels-merchant-types\/\" \/>\n<meta property=\"og:site_name\" content=\"OTAVA\" \/>\n<meta property=\"article:published_time\" content=\"2012-01-19T00:00:00+00:00\" \/>\n<meta name=\"author\" content=\"Irma Brillantes\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Irma Brillantes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.otava.com\/blog\/guide-to-pci-compliance-levels-merchant-types\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/blog\/guide-to-pci-compliance-levels-merchant-types\/\"},\"author\":{\"name\":\"Irma Brillantes\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\"},\"headline\":\"Guide to PCI Compliance Levels & Merchant Types\",\"datePublished\":\"2012-01-19T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.otava.com\/blog\/guide-to-pci-compliance-levels-merchant-types\/\"},\"wordCount\":407,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.otava.com\/blog\/guide-to-pci-compliance-levels-merchant-types\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.otava.com\/blog\/guide-to-pci-compliance-levels-merchant-types\/\",\"url\":\"https:\/\/www.otava.com\/blog\/guide-to-pci-compliance-levels-merchant-types\/\",\"name\":\"Guide to PCI Compliance Levels & Merchant Types | OTAVA\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/#website\"},\"datePublished\":\"2012-01-19T00:00:00+00:00\",\"description\":\"Here\u2019s your guide to the four different levels of PCI compliance as mandated by the major payment card brands.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.otava.com\/blog\/guide-to-pci-compliance-levels-merchant-types\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.otava.com\/blog\/guide-to-pci-compliance-levels-merchant-types\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.otava.com\/blog\/guide-to-pci-compliance-levels-merchant-types\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.otava.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Guide to PCI Compliance Levels & Merchant Types\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.otava.com\/#website\",\"url\":\"https:\/\/www.otava.com\/\",\"name\":\"OTAVA\u00ae\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.otava.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.otava.com\/#organization\",\"name\":\"OTAVA\u00ae\",\"url\":\"https:\/\/www.otava.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"contentUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"caption\":\"OTAVA\u00ae\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\",\"name\":\"Irma Brillantes\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"caption\":\"Irma Brillantes\"},\"url\":\"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Guide to PCI Compliance Levels & Merchant Types | OTAVA","description":"Here\u2019s your guide to the four different levels of PCI compliance as mandated by the major payment card brands.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.otava.com\/blog\/guide-to-pci-compliance-levels-merchant-types\/","og_locale":"en_US","og_type":"article","og_title":"Guide to PCI Compliance Levels & Merchant Types","og_description":"Here\u2019s your guide to the four different levels of PCI compliance as mandated by the major payment card brands.","og_url":"https:\/\/www.otava.com\/blog\/guide-to-pci-compliance-levels-merchant-types\/","og_site_name":"OTAVA","article_published_time":"2012-01-19T00:00:00+00:00","author":"Irma Brillantes","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Irma Brillantes","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.otava.com\/blog\/guide-to-pci-compliance-levels-merchant-types\/#article","isPartOf":{"@id":"https:\/\/www.otava.com\/blog\/guide-to-pci-compliance-levels-merchant-types\/"},"author":{"name":"Irma Brillantes","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263"},"headline":"Guide to PCI Compliance Levels & Merchant Types","datePublished":"2012-01-19T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.otava.com\/blog\/guide-to-pci-compliance-levels-merchant-types\/"},"wordCount":407,"commentCount":0,"publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.otava.com\/blog\/guide-to-pci-compliance-levels-merchant-types\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.otava.com\/blog\/guide-to-pci-compliance-levels-merchant-types\/","url":"https:\/\/www.otava.com\/blog\/guide-to-pci-compliance-levels-merchant-types\/","name":"Guide to PCI Compliance Levels & Merchant Types | OTAVA","isPartOf":{"@id":"https:\/\/www.otava.com\/#website"},"datePublished":"2012-01-19T00:00:00+00:00","description":"Here\u2019s your guide to the four different levels of PCI compliance as mandated by the major payment card brands.","breadcrumb":{"@id":"https:\/\/www.otava.com\/blog\/guide-to-pci-compliance-levels-merchant-types\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.otava.com\/blog\/guide-to-pci-compliance-levels-merchant-types\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.otava.com\/blog\/guide-to-pci-compliance-levels-merchant-types\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.otava.com\/"},{"@type":"ListItem","position":2,"name":"Guide to PCI Compliance Levels & Merchant Types"}]},{"@type":"WebSite","@id":"https:\/\/www.otava.com\/#website","url":"https:\/\/www.otava.com\/","name":"OTAVA\u00ae","description":"","publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.otava.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.otava.com\/#organization","name":"OTAVA\u00ae","url":"https:\/\/www.otava.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","contentUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","caption":"OTAVA\u00ae"},"image":{"@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263","name":"Irma Brillantes","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","caption":"Irma Brillantes"},"url":"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/"}]}},"_links":{"self":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/1739","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/comments?post=1739"}],"version-history":[{"count":0,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/1739\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/media?parent=1739"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/categories?post=1739"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/tags?post=1739"},{"taxonomy":"other_category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/other_category?post=1739"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}