PCI Certification

ControlCase International will, as required for the project, deploy a PCI audit team of qualified personnel to carry out an on-site security assessment. After going through internal quality procedures, the client will be issued a Report on Compliance (ROC), and the appropriate certification will be submitted to the various credit card brands.

Certification requirements depend on the level of the service provider. The certification requirements from Visa and MasterCard are as follows:

Visa USA & CEMEA - Service Provider Levels and Validation Actions

| Level | Description | Validation Action |
|---|---|---|
| 1 | All VisaNet processors (member and nonmember) and all payment gateways.* | 1) Annual On-Site PCI Data Security Assessment; 2) Quarterly Network Scan |
| 2 | Any service provider that is not in Level 1 and stores, processes, or transmits more than 1,000,000 Visa accounts/transactions annually. | 1) Annual On-Site PCI Data Security Assessment; 2) Quarterly Network Scan |
| 3 | Any service provider that is not in Level 1 and stores, processes, or transmits fewer than 1,000,000 Visa accounts/transactions annually. | 1) Annual PCI Self-Assessment Questionnaire; 2) Quarterly Network Scan |

*According to Visa, payment gateways are a category of agent or service provider that stores, processes, and/or transmits cardholder data as part of a payment transaction. Specifically, they enable payment transactions (e.g., authorization or settlement) between merchants and processors (VisaNet endpoints). Merchants may send their payment transactions directly to an endpoint, or indirectly to a payment gateway.

Visa Asia/Pacific - Service Provider Levels and Validation Actions

| Service Providers | More than 600,000 Visa transactions per year | Between 120,000 and 600,000 Visa transactions per year | Less than 120,000 Visa transactions |
|---|---|---|---|
| Self assessment questionnaire | Optional | Mandated | Mandated |
| Quarterly network scan | Mandated | Mandated | Recommended |
| Onsite review | Mandated | Recommended | Recommended |

MasterCard - Service Provider Levels and Validation Actions

| Level | Description | Validation Action |
|---|---|---|
| 1 | All TPPs. All DSEs that store, transmit, or process greater than 1,000,000 total combined MasterCard and Maestro transactions annually. | 1) Annual On-Site PCI Data Security Assessment; 2) Quarterly Network Scan |
| 2 | Includes all DSEs that store, transmit, or process less than 1,000,000 total combined MasterCard and Maestro transactions annually. | 1) Annual PCI Self-Assessment Questionnaire; 2) Quarterly Network Scan |

Merchant Service Provider Levels and Validation Actions

| Merchant Level | Selection Criteria | Validation Actions | Validated By |
|---|---|---|---|
| 1 | Any merchant, regardless of acceptance channel, processing more than 6,000,000 Visa transactions per year; any merchant that has suffered a hack or an attack that resulted in an account data compromise; any merchant identified by any card association as Level 1 | Annual On-Site Security Audit and Quarterly Network Scan | Independent Security Assessor or Internal Audit if signed by an Officer of the company; Qualified Independent Scan Vendor |
| 2 | 1 million to 6 million Visa or MasterCard transactions per year | Annual PCI Self-Assessment Questionnaire and Quarterly Network Scan | Merchant; Qualified Independent Scan Vendor |
| 3 | 20,000 to 1 million Visa or MasterCard e-commerce transactions per year | Annual PCI Self-Assessment Questionnaire and Quarterly Network Scan | Merchant; Qualified Independent Scan Vendor |
| 4 | Less than 20,000 Visa or MasterCard e-commerce transactions per year, and all other merchants processing up to 1 million Visa or MasterCard transactions per year | Recommended Annual PCI Self-Assessment Questionnaire and Quarterly Network Scan | Merchant; Qualified Independent Scan Vendor |

Note: While compliance is mandatory for Level 4 Merchants, validation is optional but strongly recommended.