PCI – Risks – Level 4 Requirements


Payment Card Industry’s Data Security Standards and the guidelines small merchants should follow.

Payment Card Industry (PCI) Compliance

All merchants must be PCI compliant. PCI compliance refers to a merchant’s compliance with the industry’s Data Security Standards (DSS), which are promulgated to protect cardholder data. Protecting cardholder data keeps your customers’ data secure. In addition, should you be hacked and found to be operating outside of industry standards, you could be liable for significant fines from the Card Networks and be required to notify all impacted customers: a very expensive and embarrassing situation.

The size of your business dictates the administration and validation required to comply with the industry’s Data Security Standards. You can validate your level on Visa’s website; however, as most merchants are Level 4, we have listed those requirements and attributes below.

Level 4: Merchants processing fewer than 20,000 Visa e-commerce transactions annually, and all other merchants processing up to 1 million Visa transactions annually


• Annual Self Assessment Questionnaire (SAQ) recommended
• Quarterly network scan by an Approved Scan Vendor (ASV) if applicable
• Compliance validation requirements set by acquirer

The full definition of all four levels can be found at the following site:


While the requirements for PCI compliance vary radically depending on the type of merchant and method of processing, keys to remember are:

All merchants must complete an SAQ.  These are managed by the PCI Security Standards Council and can be found at:


The PCI Security Standards Council was founded by American Express, Discover, JCB, MasterCard and Visa.  The Standards Council is an open global forum launched in 2006.  Basic rules for small merchants include:

– PIN data, magnetic stripe data, CVV data must never be stored in any format.
– If cardholder data is stored, it must be encrypted and if physical copies are kept, they must be in locked cabinets.
– Any third party storing, transmitting or processing card data must be PCI compliant and listed as PCI compliant on the following site:


– If your card processing equipment, PC or software is connected to the Internet, you should install a commercial grade firewall and get scanned quarterly by an approved scan vendor (ASV).


Contact Merchant Zoom today and we’ll consult with you on your best options.

Headquartered in Pinole, California, MerchantZoom, Inc. was founded by Wally Arakozie, who was previously employed by one of the largest merchant processing companies here in California for nearly a decade. Since the company’s beginnings, MerchantZoom has grown into a reputable national merchant provider. Along with delivering state-of-the-art technology and competitive rates, MerchantZoom thrives on personalized local customer service and support, in order for your business to ZOOM!


759 Appian Way Ste 1A Pinole, CA 94564







LinkedIn https://www.linkedin.com/in/mchzoom

Twitter https://twitter.com/mchzoom


Content Release Date April 17, 2017 – MerchantZoom Inc.

Press Release by 72 Charms LLC; content is the responsibility of MerchantZoom. 72 Charms simply does its work for hire. Contact us if you need to promote your business; otherwise, contact MerchantZoom at http://mchzoom.com to take care of your processing needs. If you need social media content management or WordPress design, reach out to us at www.72charms.com
