What is required from each merchant?

What is required from each merchant?

The following is required by merchants by the payment card brands:

Merchant Level 1:

Annual on-site security audit conducted by a qualified security assessor (QSA).
- Alternatively, an internal audit is acceptable if signed by an officer of the company.
Quarterly network scan conducted by an independent scan vendor (ASV).

Merchant Level 2:

Annual PCI self assessment questionnaire, validated by the merchant.

Quarterly network scan conducted by an independent scan vendor (ASV).

Merchant Level 3:

Annual PCI self assessment questionnaire, validated by the merchant.

Quarterly network scan conducted by an independent scan vendor (ASV).

Merchant Level 4:

Recommended annual PCI self assessment questionnaire, validated by the merchant.

Recommended quarterly network scan conducted by an independent scan vendor (ASV).