Your merchant level is determined by the number of transactions you process annually and whether you’ve been affected by data breaches before. If you have been affected, or process over 6 million annual transactions, you will be categorised at Level 1. This means you must adhere to PCI DSS Level 1 guidelines.
Yet even if you process fewer than 6 million transactions annually and have a squeaky-clean record, abiding by PCI DSS Level 1 may still be a smart move for your business.
Same Standards, Different Practices
Level 1, 2, 3 and 4 merchants must all abide by precisely the same set of standards. The only difference between the levels is how compliance is assessed. While Level 2, 3 and 4 merchants can self-assess using a Self-Assessment Questionnaire (SAQ) and an Attestation of Compliance (AoC) submitted by an internal assessor (generally your chief financial officer), Level 1 merchants must be assessed annually by an independent Qualified Security Assessor (QSA).
Why Comply with Level 1?
If you’re serious about protecting your business and your customers, Level 1 really should be the standard you work to.
With so many hoops to jump through, full PCI DSS compliance is incredibly tough for many businesses, which can lead to shortcuts being taken and mistakes being made, even by the most scrupulous and well-intentioned internal assessor.
Input from an independent QSA, on the other hand, ensures you know precisely where your weak points are, allowing you to plug the gaps and work towards the highest possible standards of data security.
Would you like to reduce the burden of PCI DSS compliance in your contact centre? Our smart solutions ensure cardholder data never touches your system, reducing your compliance obligations. For more information, please contact our specialist PCI advisers today for a no-obligation discussion about your specific requirements.