
{"id":2474,"date":"2013-06-04T00:00:00","date_gmt":"2013-06-04T00:00:00","guid":{"rendered":"http:\/\/otava.test\/clarifying-levels-of-pci-compliance\/"},"modified":"2013-06-04T00:00:00","modified_gmt":"2013-06-04T00:00:00","slug":"clarifying-levels-of-pci-compliance","status":"publish","type":"post","link":"https:\/\/www.otava.com\/blog\/clarifying-levels-of-pci-compliance\/","title":{"rendered":"Clarifying Levels of PCI Compliance"},"content":{"rendered":"<p id=\"docs-internal-guid--dc02824-0f94-fb1a-f94b-753da083dc61\" dir=\"ltr\">So, you either transmit, store, or process credit cardholder data for your business. You already know that means you need to be compliant with the 12 Payment Card Industry Data Security Standards (PCI DSS).<\/p>\n<p dir=\"ltr\">However, based on the number of transactions your company processes per year, there are specific levels of <a href=\"https:\/\/onlinetech.com\/compliant-hosting\/pci-compliant-hosting\/overview\">PCI compliance<\/a> that need to be met. 
As a first step towards compliance, it\u2019s important to know where your company falls on that spectrum, and how that can change the way you reach those requirements.<\/p>\n<p dir=\"ltr\">There are four levels of PCI compliance (these are mandated by Visa and Mastercard):<\/p>\n<ul>\n<li><strong>PCI Compliance Level 1<\/strong> &#8211; Over 6 million Visa and\/or Mastercard transactions processed per year<\/li>\n<li><strong>PCI Compliance Level 2<\/strong> &#8211; 1 million to 6 million Visa and\/or Mastercard transactions processed per year<\/li>\n<li><strong>PCI Compliance Level 3<\/strong> &#8211; 20,000 to 1 million Visa and\/or Mastercard e-commerce transactions processed per year<\/li>\n<li><strong>PCI Compliance Level 4<\/strong> &#8211; Less than 20,000 Visa and\/or Mastercard e-commerce transactions processed per year, and all other companies that process up to 1 million Visa transactions per year<\/li>\n<\/ul>\n<p dir=\"ltr\">Keep in mind also that if you have a breach, it is possible that the card issuer can change your necessary compliance level. For example, you may only process 20,000 transactions in a year, which would put you at compliance level 3, but after a data breach Visa can determine that you now need to meet level 1 requirements.<\/p>\n<p dir=\"ltr\">What\u2019s the difference between these levels? If your company is large enough to need level 1 compliance, you must get an independent approved scanning vendor (ASV) to come and audit your system and processes. 
If you are any of the lower levels, you won\u2019t have to get an independent auditor, and instead can complete a PCI DSS Self-Assessment Questionnaire annually.<\/p>\n<p dir=\"ltr\">There are many different Self-Assessment Questionnaires (SAQ) available as well, so you want to make sure you\u2019re using the right one, based on your business:<\/p>\n<ul>\n<li><strong>A<\/strong> &#8211; This questionnaire is for e-commerce, mail, or telephone order merchants that do not store cardholder data, and outsource any cardholder data functions.<\/li>\n<li><strong>B<\/strong> &#8211; Merchants who use an imprint machine to copy cardholder data fall into this category. Standalone, dial-out terminal merchants would fill out this questionnaire as well.<\/li>\n<li><strong>C-VT<\/strong> &#8211; This is for web-based virtual terminal merchants that do not store any electronic cardholder data.<\/li>\n<li><strong>C<\/strong> &#8211; If you are a merchant that uses a payment application system connected to the internet and you aren\u2019t collecting cardholder data, this SAQ is for you. If you\u2019re using a software vendor for the payment application system, you\u2019re going to have to ensure the app is compliant.<\/li>\n<li><strong>D<\/strong> &#8211; This is the catchall. If your business doesn\u2019t seem to fit in any of those categories, you\u2019ll want to fill out SAQ D.<\/li>\n<\/ul>\n<p dir=\"ltr\">With this and the PCI DSS in hand, you\u2019ve got the information you need to start working on those standards.<\/p>\n<p dir=\"ltr\">Want a little more information on PCI compliance? 
Download our <a href=\"https:\/\/onlinetech.com\/resources\/white-papers\/pci-compliant-data-centers\">PCI Compliant Hosting white paper<\/a>, and we can give you a complete resource for outsourced PCI hosting.<\/p>\n<p><strong>Internet Retailer Conference &amp; Exhibition (IRCE) 2013<\/strong><br \/>\nOnline Tech is exhibiting <a href=\"https:\/\/www.onlinetech.com\/compliant-hosting\/pci-compliant-hosting\/overview\">PCI hosting solutions<\/a> at the IRCE 2013 conference in Chicago from June 4-7 at the McCormick Place West at booth #108!<\/p>\n<p>Known as the world&#8217;s largest e-commerce event, the IRCE conference draws 9,500 e-retailing executives from more than 40 countries. The extensive agenda includes 220 speakers, 120 sessions and 6 workshops covering e-retail topics.<\/p>\n<p>Other Resources:<br \/>\n<a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/who-needs-pci-compliance-exactly\/\">Who Needs PCI Compliance, exactly?<\/a><br \/>\n<a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/pci-report-on-compliance\/\">PCI Report On Compliance<\/a><br \/>\n<a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/pci-compliant-tips-working-with-a-hosting-provider\/\">PCI Compliant Tips: Working With a Hosting Provider<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>So, you either transmit, store, or process credit cardholder data for your business. You already know that means you need to be compliant with the 12 Payment Card Industry Data Security Standards (PCI DSS). However, based on the number of transactions your company processes per year, there are specific levels of PCI compliance that need to be met. As a first step towards compliance, it\u2019s important to know where your company falls on that spectrum, and how that can change the way you reach those requirements. 
There are four levels of PCI compliance (these are mandated by Visa and Mastercard): PCI Compliance Level 1 &#8211; Over 6 million Visa and\/or Mastercard transactions processed per year PCI Compliance Level 2 &#8211; 1 million to 6 million Visa and\/or Mastercard transactions processed per year PCI Compliance Level 3 &#8211; 20,000 to 1 million Visa and\/or Mastercard e-commerce transactions processed per year PCI Compliance Level 4 &#8211; Less than 20,000 Visa and\/or Mastercard e-commerce transactions processed per year all other companies that process up to 1 million Visa transactions per year Keep in mind also that if you have a breach, it is possible that the card issuer can change your necessary compliance&#8230;<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"other_category":[],"class_list":["post-2474","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.2) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Clarifying Levels of PCI Compliance | OTAVA<\/title>\n<meta name=\"description\" content=\"Based on the number of transactions your company processes per year, there are specific levels of PCI compliance that need to be met.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.otava.com\/blog\/clarifying-levels-of-pci-compliance\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Clarifying Levels of PCI Compliance\" \/>\n<meta property=\"og:description\" content=\"Based on the number of transactions your 
company processes per year, there are specific levels of PCI compliance that need to be met.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.otava.com\/blog\/clarifying-levels-of-pci-compliance\/\" \/>\n<meta property=\"og:site_name\" content=\"OTAVA\" \/>\n<meta property=\"article:published_time\" content=\"2013-06-04T00:00:00+00:00\" \/>\n<meta name=\"author\" content=\"Irma Brillantes\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Irma Brillantes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.otava.com\/blog\/clarifying-levels-of-pci-compliance\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/blog\/clarifying-levels-of-pci-compliance\/\"},\"author\":{\"name\":\"Irma Brillantes\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\"},\"headline\":\"Clarifying Levels of PCI Compliance\",\"datePublished\":\"2013-06-04T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.otava.com\/blog\/clarifying-levels-of-pci-compliance\/\"},\"wordCount\":590,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.otava.com\/blog\/clarifying-levels-of-pci-compliance\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.otava.com\/blog\/clarifying-levels-of-pci-compliance\/\",\"url\":\"https:\/\/www.otava.com\/blog\/clarifying-levels-of-pci-compliance\/\",\"name\":\"Clarifying Levels of PCI Compliance | 
OTAVA\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/#website\"},\"datePublished\":\"2013-06-04T00:00:00+00:00\",\"description\":\"Based on the number of transactions your company processes per year, there are specific levels of PCI compliance that need to be met.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.otava.com\/blog\/clarifying-levels-of-pci-compliance\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.otava.com\/blog\/clarifying-levels-of-pci-compliance\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.otava.com\/blog\/clarifying-levels-of-pci-compliance\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.otava.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Clarifying Levels of PCI Compliance\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.otava.com\/#website\",\"url\":\"https:\/\/www.otava.com\/\",\"name\":\"OTAVA\u00ae\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.otava.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.otava.com\/#organization\",\"name\":\"OTAVA\u00ae\",\"url\":\"https:\/\/www.otava.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"contentUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"caption\":\"OTAVA\u00ae\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.otava.com\/#\/sch
ema\/person\/35774075f8f4fcdd4eae80cb72034263\",\"name\":\"Irma Brillantes\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"caption\":\"Irma Brillantes\"},\"url\":\"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Clarifying Levels of PCI Compliance | OTAVA","description":"Based on the number of transactions your company processes per year, there are specific levels of PCI compliance that need to be met.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.otava.com\/blog\/clarifying-levels-of-pci-compliance\/","og_locale":"en_US","og_type":"article","og_title":"Clarifying Levels of PCI Compliance","og_description":"Based on the number of transactions your company processes per year, there are specific levels of PCI compliance that need to be met.","og_url":"https:\/\/www.otava.com\/blog\/clarifying-levels-of-pci-compliance\/","og_site_name":"OTAVA","article_published_time":"2013-06-04T00:00:00+00:00","author":"Irma Brillantes","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Irma Brillantes","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.otava.com\/blog\/clarifying-levels-of-pci-compliance\/#article","isPartOf":{"@id":"https:\/\/www.otava.com\/blog\/clarifying-levels-of-pci-compliance\/"},"author":{"name":"Irma Brillantes","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263"},"headline":"Clarifying Levels of PCI Compliance","datePublished":"2013-06-04T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.otava.com\/blog\/clarifying-levels-of-pci-compliance\/"},"wordCount":590,"commentCount":0,"publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.otava.com\/blog\/clarifying-levels-of-pci-compliance\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.otava.com\/blog\/clarifying-levels-of-pci-compliance\/","url":"https:\/\/www.otava.com\/blog\/clarifying-levels-of-pci-compliance\/","name":"Clarifying Levels of PCI Compliance | OTAVA","isPartOf":{"@id":"https:\/\/www.otava.com\/#website"},"datePublished":"2013-06-04T00:00:00+00:00","description":"Based on the number of transactions your company processes per year, there are specific levels of PCI compliance that need to be met.","breadcrumb":{"@id":"https:\/\/www.otava.com\/blog\/clarifying-levels-of-pci-compliance\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.otava.com\/blog\/clarifying-levels-of-pci-compliance\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.otava.com\/blog\/clarifying-levels-of-pci-compliance\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.otava.com\/"},{"@type":"ListItem","position":2,"name":"Clarifying Levels of PCI 
Compliance"}]},{"@type":"WebSite","@id":"https:\/\/www.otava.com\/#website","url":"https:\/\/www.otava.com\/","name":"OTAVA\u00ae","description":"","publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.otava.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.otava.com\/#organization","name":"OTAVA\u00ae","url":"https:\/\/www.otava.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","contentUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","caption":"OTAVA\u00ae"},"image":{"@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263","name":"Irma Brillantes","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","caption":"Irma 
Brillantes"},"url":"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/"}]}},"_links":{"self":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/2474","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/comments?post=2474"}],"version-history":[{"count":0,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/2474\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/media?parent=2474"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/categories?post=2474"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/tags?post=2474"},{"taxonomy":"other_category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/other_category?post=2474"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}