How to apply for PCI-DSS Level 1 compliance?

How to apply for PCI-DSS Level 1 compliance? What are the criteria and requirements you should consider?

In 2006 the major card brands formed the PCI Security Standards Council (PCI SSC), which maintains the PCI DSS. The merchant levels that determine how an organization must validate its compliance are defined by each card brand rather than by the PCI SSC, and the thresholds differ from brand to brand.

These levels are based on the number and type of card transactions a business processes per year.

The levels exist because the exposure of merchants and cardholders grows with transaction volume: a breach at a merchant handling millions of transactions affects far more cardholders than a breach at a small shop.

The fewer transactions you process, the higher your level number and the lighter the validation burden: Level 4 is the smallest tier and Level 1 the largest. Note that the DSS requirements themselves apply to every merchant; what changes by level is how compliance must be validated and reported.

What is PCI-DSS Level 1?

PCI-DSS Level 1 is the highest of the four merchant compliance levels used to protect cardholder data. Depending on the card brand, a “Level 1” merchant is one that processes more than six million, 2.5 million or one million card transactions per year.

The card brands may also place an organization at Level 1 if it has suffered a data breach or cyberattack in which cardholder data was compromised, regardless of its transaction volume.

How do merchants comply?

The list of deliverables for Level 1 validation is short, but producing them is a demanding process, and with good reason.

Cardholder data is at stake every time a card transaction is made with your business, so the company must be able to show that it protects that data.

Always remember that a data breach can damage your company’s reputation and expose your organization to fines and lawsuits.

Here are the criteria and requirements you must consider to validate PCI-DSS Level 1 compliance.

Criteria

As stated above, PCI-DSS Level 1 merchants are generally those that process more than six million transactions annually, but the exact threshold depends on which card brands the merchant accepts.

Visa Inc. International, MasterCard Worldwide and Discover Financial Services define Level 1 merchants as those processing more than 6 million card transactions per year.

American Express sets its Level 1 threshold at 2.5 million transactions per year.

JCB International’s Level 1 starts at 1 million card transactions per year.

An organization that has suffered a data breach or cyberattack in which card data was compromised may also be required to meet Level 1 requirements, regardless of its size or how it processes, stores or transmits card data.

Requirements

The validation requirements for a Level 1 merchant are as follows:

  • An annual on-site assessment, documented in a Report on Compliance (ROC) completed by a Qualified Security Assessor (QSA) or, where the card brand permits it, a PCI SSC-certified Internal Security Assessor (ISA)
  • Quarterly external vulnerability scans of all internet-facing systems in the cardholder data environment by an Approved Scanning Vendor (ASV)
  • A completed and signed Attestation of Compliance (AOC) form

Merchants must also submit these results (the ROC, the AOC and the passing ASV scan reports) to their acquiring bank.

The annual assessment consists of several steps performed by the QSA, including an examination of your point-of-sale systems and the rest of the cardholder data environment, a detailed review of where your controls fall short of the DSS requirements, and a list of improvements you must make to close those gaps and prevent future attacks.

Once the assessment is over, your job is to keep the controls in place and monitor your systems continuously, so that you remain compliant between assessments rather than scrambling before the next one.

ABOUT THE AUTHOR
Jewel Tirona
