The Payment Card Industry Data Security Standard (PCI DSS) is the data security requirement for merchants that store, process or transmit cardholder information. It has been endorsed by all the major card brands: Visa Inc., MasterCard Worldwide, Discover Network, American Express and JCB. The PCI DSS is a framework for the secure handling of cardholder data.
For large merchants, Trustwave offers unmatched resources and experience in guiding you through the process of PCI DSS compliance - from initial scheduling of your review to final preparation of documentation. For Level 4 merchants, we offer a tailored approach that provides an automated, Web-based validation process to help merchants become compliant and maintain their compliance with PCI DSS. Since PCI started in 2002, Trustwave has helped thousands of Level 1, 2 and 3 merchants and hundreds of thousands of Level 4 merchants enroll and achieve PCI DSS compliance. Trustwave is qualified to validate compliance of merchants and service providers with the PCI Data Security Standard and all the card association data security programs.
Table A: PCI Data Security Standard Compliance for Merchants

| Merchant Level | Selection Criteria | Validation Actions | Validated By |
|---|---|---|---|
| 1 | Any merchant - regardless of acceptance channel - processing more than 6,000,000 Visa transactions per year; any merchant that has suffered a hack or an attack that resulted in an account data compromise; any merchant identified by any card association as Level 1 | Annual On-Site Security Audit¹ and Quarterly Network Scan | Independent Security Assessor or Internal Audit if signed by an Officer of the company; Qualified Independent Scan Vendor |
| 2 | 1 million – 6 million Visa or MasterCard transactions per year | Visa MasterCard | Merchant; Qualified Independent Scan Vendor |
| 3 | 20,000 – 1 million Visa or MasterCard e-commerce transactions per year | Annual PCI Self-Assessment Questionnaire and Quarterly Network Scan | Merchant; Qualified Independent Scan Vendor |
| 4 | Less than 20,000 Visa or MasterCard e-commerce transactions per year, and all other merchants processing up to 1 million Visa or MasterCard transactions per year | Visa MasterCard | Merchant; Qualified Independent Scan Vendor. Validation requirements and dates for Level 4 merchants are determined by the merchant's acquirer. Submission of scan reports and/or questionnaires by Level 4 merchants may be required. |

1. Effective 30 June 2011, MasterCard Level 1 merchants that choose to conduct an annual onsite assessment using an internal auditor must ensure that primary internal auditor staff engaged in validating PCI DSS compliance attend PCI SSC-offered merchant training programs and pass any PCI SSC associated accreditation program annually in order to continue to use internal auditors.



