{"id":1832,"date":"2020-12-02T17:17:07","date_gmt":"2020-12-02T17:17:07","guid":{"rendered":"https:\/\/sectigostore.com\/blog\/?p=1832"},"modified":"2021-01-04T15:16:16","modified_gmt":"2021-01-04T15:16:16","slug":"pci-merchant-compliance-levels","status":"publish","type":"post","link":"https:\/\/sectigostore.com\/blog\/pci-merchant-compliance-levels\/","title":{"rendered":"What Are the 4 PCI Merchant Compliance Levels?"},"content":{"rendered":"\n

What you need to know about PCI DSS merchant levels and how they affect your PCI compliance\u2026<\/h2>\n\n\n\n

Are you here to learn about the PCI compliance levels for merchants? We\u2019ve got you covered with this guide that breaks down the four merchant levels.<\/p>\n\n\n\n

Not many people have even heard of the Payment Card Industry Data Security Standards (PCI DSS), but these standards affect everyone with a credit card (or who processes credit card transactions) every day. In 2004, when credit card fraud was running rampant, credit card companies knew they needed some way to mitigate the issue or risk facing a never-ending line of unhappy customers. The problem was that if they tried to force merchants and service providers into meeting their desired security requirements, the merchants would just switch to another credit card company who wasn\u2019t enforcing such high standards.<\/p>\n\n\n\n

To combat this, five of the largest credit card companies joined together to create the PCI Security Standards Council<\/a> and PCI DSS with it. This way, merchants and service providers were forced to play by the council\u2019s rules or face their wrath (in the form of fines from the individual card companies). Yes, I know that last line sounded very Game of Thrones-ish, but I assure you that PCI DSS are for the cardholder\u2019s benefit \u2014 they ensure merchants provide top-notch security for the cardholder\u2019s data.<\/p>\n\n\n\n

However, with the creation of PCI DSS, it became clear to the PCI Security Standards Council that not all merchants needed to meet the same standards. With this latest iteration of PCI DSS (PCI DSS version 3.2.1<\/a>) which features hundreds of security controls, it\u2019s just not practical nor necessary for every business to meet every standard, and this is why the PCI DSS merchant compliance levels were created.<\/p>\n\n\n\n

In this article, we dive into the PCI DSS merchant compliance levels, what their differences are, and how each level affects companies differently.<\/p>\n\n\n\n

More on PCI DSS & Why Merchant Compliance Levels Are Necessary<\/h2>\n\n\n\n

The point behind PCI DSS is to mitigate vulnerabilities and enforce security standards that helps merchants better protect cardholder data. Unfortunately, data is a very sough after and lucrative target of hackers. Since 2005, there have been more than 11 billion<\/a> data records breached, according to privacyrights.org. This is why security is needed for the entire card-handling process as there are a number of areas that could be breached.<\/p>\n\n\n\n

From processing devices to servers to web applications to transmitting data, every step of the process needs some type of security. PCI DSS extends beyond merchants to ensure that even service providers meet the standards. Service providers are defined<\/a> as \u201cfinancial institutions that initiate and maintain the relationships with merchants that accept payment cards.\u201d<\/p>\n\n\n\n

To avoid facing noncompliance fines, merchants and service providers must maintain PCI compliance. The PCI DSS compliance levels help merchants know what requirements they are expected to meet. To learn a bit more about PCI DSS, the requirements that merchants are expected to meet, what a self-assessment is and more, we have some related resources you will find valuable:<\/p>\n\n\n\n