Understanding merchant levels
Security at every step
Whether you conduct a few payment processes or millions of transactions every year, you will belong to a particular merchant level. This section determines your merchant level and how you can validate your compliance.
| Level |
Criteria for level |
Validation requirements |
| 1 |
- Any merchant processing over 6 million VISA or MasterCard transactions a year
- Any compromised merchant
|
- Annual onsite security assessment
- Quarterly network scan may be required if your cardholder data infrastructure is connected to the internet
|
| 2 |
- Any merchant processing one to six million VISA or MasterCard transactions a year
|
- Annual Self Assessment Questionnaire
- Quarterly network scan may be required if your cardholder data infrastructure is connected to the internet
|
| 3 |
- Any merchant processing 20,000 to one million VISA or MasterCard e-commerce transactions a year
|
- Annual Self Assessment Questionnaire
- Quarterly network scan may be required if your cardholder data infrastructure is connected to the internet
|
| 4 |
- Any merchant processing fewer than 20,000 VISA or MasterCard transactions a year
- All other merchants processing up to one million VISA or MasterCard transactions a year
|
- Annual self-assessment questionnaire
- Quarterly network scan may be required if your cardholder data infrastructure is connected to the internet
|
