
PCI DSS Core Principles
• Build and Maintain a Secure Network
• Protect Cardholder Data
• Maintain a Vulnerability Management Program
• Implement Strong Access Control Measures
• Regularly Monitor and Test Networks
• Maintain an Information Security Policy
Merchant Levels
American Express Merchants are categorized into one of three levels for data security - primarily based on the Merchant's volume of American Express transactions. Your data security requirements are determined by the level you fall under. The table below will help you determine your level and show your requirements for complying with the American Express Data Security Operating Policy.
Level | Definition | Validation Documentation | Requirement
1 | 2.5 million American Express Card transactions or more per year; or any merchant that has had a data incident; or any merchant that American Express otherwise deems a Level 1 | Annual Onsite Security Audit Report, and Quarterly Network Scan | Mandatory
2 | 50,000 to 2.5 million American Express Card transactions per year | Quarterly Network Scan | Mandatory
3 | Less than 50,000 American Express Card transactions per year | Quarterly Network Scan | Strongly Recommended
*Level 3 Merchants need not submit Validation Documentation, but still must comply with all other
provisions of the Data Security Operating Policy.
NOTE: The transaction criteria listed above are from the American Express program.
MasterCard Merchants are categorized into one of four levels for data security - primarily based on the Merchant's volume of MasterCard transactions. Your data security requirements are determined by the level you fall under. The table below will help you determine your level and show your requirements for complying with the MasterCard Data Security Operating Policy.
Level | Definition | Validation Documentation | Validated By
1 | Any merchant - regardless of acceptance channel - processing over 6,000,000 MasterCard transactions per year. Any merchant that has suffered a hack or an attack that resulted in an account data compromise. Any merchant that MasterCard, at its sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the MasterCard system. Any merchant identified by any other payment card brand as Level 1. | Annual On-site PCI Data Security Assessment and Quarterly Network Scan | Qualified Security Assessor or Internal Audit if signed by Officer of the company. Approved Scanning Vendor
2 | Any merchant - regardless of acceptance channel - processing 1,000,000 to 6,000,000 MasterCard transactions per year. | Annual PCI Self-Assessment Questionnaire and Quarterly Network Scan | Merchant. Approved Scanning Vendor
3 | Any merchant processing 20,000 to 1,000,000 MasterCard e-commerce transactions per year. | Annual PCI Self-Assessment Questionnaire and Quarterly Network Scan | Merchant. Approved Scanning Vendor
4 | Any merchant processing fewer than 20,000 MasterCard e-commerce transactions per year, and all other merchants - regardless of acceptance channel - processing up to 1,000,000 MasterCard transactions per year. | Annual PCI Self-Assessment Questionnaire and Quarterly Network Scan | Merchant. Approved Scanning Vendor
NOTE: The transaction criteria listed above are from the MasterCard SDP program.
VISA Merchants are categorized into one of four levels for data security - primarily based on the Merchant's volume of VISA transactions. Your data security requirements are determined by the level you fall under. The table below will help you determine your level and show your requirements for complying with the VISA Data Security Operating Policy.
Level | Definition | Validation Documentation | Validated By
1 | Any merchant - regardless of acceptance channel - processing over 6,000,000 Visa transactions per year. Any merchant that has suffered a hack or an attack that resulted in an account data compromise. Any merchant that Visa, at its sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the Visa system. Any merchant identified by any other payment card brand as Level 1. | Annual On-site PCI Data Security Assessment and Quarterly Network Scan | Qualified Security Assessor or Internal Audit if signed by Officer of the company. Approved Scanning Vendor
2 | Any merchant - regardless of acceptance channel - processing 1,000,000 to 6,000,000 Visa transactions per year. | Annual PCI Self-Assessment Questionnaire and Quarterly Network Scan | Merchant. Approved Scanning Vendor
3 | Any merchant processing 20,000 to 1,000,000 Visa e-commerce transactions per year. | Annual PCI Self-Assessment Questionnaire and Quarterly Network Scan | Merchant. Approved Scanning Vendor
4 | Any merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants - regardless of acceptance channel - processing up to 1,000,000 Visa transactions per year. | Annual PCI Self-Assessment Questionnaire and Quarterly Network Scan | Merchant. Approved Scanning Vendor
NOTE: The transaction criteria listed above are from the VISA program.