SPI Guard

PCI (Payment Card Industry) Data Security Standard requires that all merchants using a merchant account be audited under PCI standards.

Currently, financial institutions and acquirers are phasing this program in. If your organization has been told to obtain a "compliance certificate", you will need to be audited under PCI DSS.

Visa Merchant levels defined for Canada

Acquirers are responsible for determining the compliance validation requirement levels of their merchants. All merchants will fall into one of the five merchant levels based on that merchant's annual Visa transaction volume. A merchant's transaction volume is calculated from the processing environment's aggregate number of Visa transactions, that is, those processed by a merchant under a common business name, a Doing Business As (DBA) name, or a chain of stores, but not those of a corporation that has several chains. Merchant levels are defined as:

| Merchant Level | Description |
|---|---|
| 1 | Any merchant, regardless of acceptance channel, processing over 6,000,000 Visa transactions per year. Any merchant that has suffered a successful unauthorized intrusion that resulted in an account data compromise. Any merchant that Visa, at its sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the Visa system. Any merchant identified by any other payment card brand as Level 1. |
| 2 | Any merchant processing between 150,000 to 6,000,000 Visa e-commerce transactions per year. |
| 3 | Any merchant processing between 20,000 to 150,000 Visa e-commerce transactions per year. |
| 4A | Any merchant processing between 1,000,000 and 6,000,000 Visa transactions per year. |
| 4B | Any merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants processing fewer than 1,000,000 Visa transactions per year. |

AIS Program compliance validation basics

In addition to adhering to the twelve security requirements and sub-requirements of the Payment Card Industry (PCI) Data Security Standards, compliance validation is required for Level 1, Level 2, Level 3 and Level 4A merchants, and strongly recommended for Level 4B merchants.

| Level | Validation Action | Validated By | Enrolled By* | Validate By |
|---|---|---|---|---|
| 1 | Annual Self-Assessment Questionnaire, Annual On-site PCI Data Security Assessment and Quarterly Network Scan | Qualified Independent Security Assessor | 9/30/05 | 12/31/05 |
| 2 and 3 | Annual Self-Assessment Questionnaire and Quarterly Network Scan | Qualified Independent Security Assessor | 9/30/05 | 12/31/05 |
| 4A | Annual Self-Assessment Questionnaire and Quarterly Network Scan | Qualified Independent Security Assessor | 9/30/05 | 12/31/05 |
| 4B** | Annual Self-Assessment Questionnaire and Quarterly Network Scan | Qualified Independent Security Assessor | TBD | TBD |

Data as per http://www.visa.ca/en/merchant/fraudprevention/ais/merchlevels.cfm, January 31, 2006.

If you would like a quote click here.

Links to data security documents:

PCI DSS Compliant
Auditor MTS Allstream
Copyright © 1994 - 2008 SPIguard Security Solutions Inc.
1-800-811-7811
info@spiguard.com

All rights reserved. Large sections of this site may not be copied without the consent of SPIguard. All text that is intellectual property is copyrighted. Theft will result in consequences. Any information from this site may NOT be used or displayed in any form without prior permission from SPIguard, and such information requires that appropriate credit be given to this site.