PCI DSS Levels Explained: What You Should Know


What is PCI DSS?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards put in place by major card brands to ensure the safety of cardholder data. It is designed to ensure that every single company that interacts with credit card information maintains a secure environment. If you are unfamiliar with PCI DSS, or need PCI compliance assistance, visit our PCI resource center where we share PCI DSS information every business should know. 

Why Does PCI Compliance Matter?

PCI compliance is crucial for any business handling cardholder data. The requirements outlined by PCI DSS are designed to ensure the protection of sensitive cardholder information. If you’re a merchant who handles cardholder data, PCI DSS compliance is essential to maintain security and trust with customers.  

Additionally, there are severe consequences for noncompliance, including fines, legal actions, and reputational damage. PCI DSS is not a law, but it is required by most major card brands. If you’re currently struggling with remaining PCI compliant, you can read more about the consequences of PCI noncompliance (and quick paths to compliance) in this blog.    

What Are the Four Levels of PCI DSS? 

PCI DSS levels separate companies based on their annual transaction volumes. PCI DSS has four levels, and each level has requirements tailored to the size of companies processing payments at that level.   

PCI DSS Level 1 

Level 1 applies to businesses processing over six million transactions annually.  

These organizations must: 

  • Undergo an annual on-site assessment by a Qualified Security Assessor (QSA), who helps them submit a Report on Compliance (ROC)
  • Complete an Attestation of Compliance (AOC)
  • Complete a quarterly network scan performed by an Approved Scanning Vendor (ASV)

PCI DSS Level 2 

Businesses processing between one and six million transactions per year fall under Level 2.  

These organizations must: 

  • Undergo an annual assessment, but they may complete a Self-Assessment Questionnaire (SAQ) instead of engaging a QSA to submit a ROC
  • Complete an Attestation of Compliance (AOC)
  • Complete a quarterly network scan performed by an Approved Scanning Vendor (ASV)

PCI DSS Level 3 

Level 3 applies to businesses processing between 20,000 and one million e-commerce transactions annually.  

These organizations must: 

  • Undergo an annual assessment by completing a Self-Assessment Questionnaire (SAQ)
  • Complete an Attestation of Compliance (AOC)
  • Complete a quarterly network scan performed by an Approved Scanning Vendor (ASV)

PCI DSS Level 4 

Level 4 applies to businesses processing fewer than 20,000 e-commerce transactions or up to one million transactions via other channels annually.  

These organizations must: 

  • Undergo an annual assessment by completing a Self-Assessment Questionnaire (SAQ)
  • Complete an Attestation of Compliance (AOC)
  • Complete a quarterly network scan performed by an Approved Scanning Vendor (ASV)

No matter what compliance category they fall into, every company must undergo an annual assessment. For more details on the annual assessment requirements in 2024, read our updated requirement breakdown here. 

How to Know if You Are PCI DSS Compliant 

Depending on the PCI DSS level, businesses will either complete a SAQ or have their compliance verified by a QSA. To ensure compliance, it’s crucial to follow the appropriate procedures outlined for your level. This annual audit process helps companies identify gaps in their compliance and can be used as a time to update systems and fix issues.

Unsure if your company is PCI DSS compliant? You can explore a comprehensive PCI compliance checklist in our full breakdown here.

How TokenEx Can Help You Achieve PCI Compliance  

Understanding the levels of PCI DSS and their requirements is essential for a business aiming to maintain the security of their cardholder data. By adhering to PCI compliance standards and leveraging solutions like TokenEx, businesses can mitigate risks and build trust with their customers.  

TokenEx offers robust solutions to assist businesses in achieving and maintaining PCI compliance. With our expertise and tools, you can streamline the compliance process and focus on your core business objectives. Contact us today to learn more about how TokenEx can help you achieve PCI compliance.