Self Assessment
Questionnaire
Network Scan
Questionnaire
| PCI Merchant Levels | ||||
| Level | Description | Validation Requirements | ||
| Annual Onsite Audit | Annual Self Assessment Questionnaire |
Quarterly External Network Scan |
||
| 1 | 1. Any merchant, "regardless of acceptance channel, processing over 6,000,000 Visa transactions per year. | Contact nCircle for more information about onsite security audits. | Fill out Self-Assessment Questionnaire |
|
| 2. Any merchant that has suffered a hack or an attack that resulted in an account data compromise. | ||||
| 3. Any merchant that Visa, at its sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the Visa system. | ||||
| 4. Any merchant identified by any other payment card brand as Level 1 | ||||
| 2 | Any merchant-regardless of acceptance channel-processing 1,000,000 to 6,000,000 Visa transactions per year | N/A | ||
| 3 | Any merchant processing 20,000 to 1,000,000 Visa e-commerce transactions per year. | N/A | ||
| 4 | Any merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants-regardless of acceptance channel-processing up to 1,000,000 Visa transactions per year. | N/A | ||
| 5 | All other merchants (not included in descriptions for SAQs A-C above) and all service providers defined by a payment brand as eligible to complete an SAQ | N/A | ||