The PCI DSS (Payment Card Industry Data Security Standard) was founded by Visa, Mastercard, American Express, and Discover in 2004 to ensure that merchants meet minimum levels of security when they store, process and transmit cardholder data.
![]() |
PCI applies to ALL organizations or merchants, regardless of size or number of transactions, that accept, transmit or store any cardholder data.
The PCI Standards Council has created a comprehensive and easy to use website which clearly spells out compliance mandates and provides merchants with resources to be compliant.
According to the PCI Standards Council, all merchants will fall into one of the four merchant levels based on Visa transaction volume over a 12-month period:
Merchant Level | Description |
1 | Any merchant — regardless of acceptance channel — processing over 6M Visa transactions per year. Any merchant that Visa, at its sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the Visa system. |
2 | Any merchant — regardless of acceptance channel — processing 1M to 6M Visa transactions per year. |
3 | Any merchant processing 20,000 to 1M Visa e-commerce transactions per year. |
4 | Visa e-commerce transactions per year, and all other merchants — regardless of acceptance channel — processing up to 1M Visa transactions per year. |
Want some more information about how the PCI mandate applies to your company? Check out these resources: