PCI - Levels

CategoryCriteriaRequirementsCompliance date
Level 1
  • Any merchant that has suffered a hack or an attack that resulted in an account data compromise
  • Any merchant having more than six million total combined Mastercard and Maestro transactions annually
  • Any merchant meeting the Level 1 criteria of Visa
  • Any merchant that Mastercard, in its sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the system
  • Annual Onsite Assessment1
  • Quarterly Network Scan conducted by an ASV2

30 June 20123
Level 2
  • Any merchant with more than one million but less than or equal to six million total combined Mastercard and Maestro transactions annually
  • Any merchant meeting the Level 2 criteria of Visa
  • Annual Self-Assessment4
  • Onsite Assessment at Merchant Discretion4
  • Quarterly Network Scan conducted by an ASV2

30 June 20124
Level 3
  • Any merchant with more than 20,000 combined Mastercard and Maestro e-commerce transactions annually but less than or equal to one million total combined Mastercard and Maestro e-commerce transactions annually
  • Any merchant meeting the Level 3 criteria of Visa
  • Annual Self-Assessment
  • Quarterly Network Scan conducted by an ASV2

30 June 2005
Level 4
  • All other merchants5
  • Annual Self-Assessment
  • Quarterly Network Scan conducted by an ASV2

Consult Acquirer
  • pci, security, transactions
  • 1 Users Found This Useful
Was this answer helpful?

Related Articles

PCI DSS - requirements

Six Goals, 12 Requirements GoalsPCI DSS Requirements Build and Maintain  a Secure...