You are here:

PCI levels

Credit card organizations have their own specific rules to assign PCI-levels to their merchants. If you want to be sure which PCI-level your are assigned to, please, contact your acquirer! They will be able to specify your actual PCI-level!

Merchant definition Annual transaction level Compliance validation reporting requirements
Level 1
  • Merchants with more than 6 million transactions.

  • Merchants whose data has been compromised.
  • Pass quarterly scan by an authorized scanning vendor.

  • Annual onsite audit by Qualified Data Security Company.
Level 2
  • Merchants with 1 to 6 million transactions.
  • Pass quarterly scan by an authorized scanning vendor.

  • Annual self-assessment questionnaire by merchant.
Level 3
  • Merchants with 20.000 to 1 million transactions.
  • Pass quarterly scan by an authorized scanning vendor.

  • Annual self-assessment questionnaire by merchant.
Level 4
  • Merchants with less than 20.000 transactions.
  • Reporting of compliance to acquiring bank not required, however compliance is required.

*Note: Reporting of compliance validation may be required by some banks for Level 4 merchants, and the requirements and fines are identical for Level 2, 3 and 4 merchants.