The PCI compliance levels, or tiers, refer to card transaction volume (credit, debit, and prepaid) over a 12-month period.
- PCI Compliance Level 1 - more than 6M Mastercard or Visa transactions annually, or a merchant that has experienced an attack resulting in compromised card data, or a merchant deemed level 1 by a card association.
- PCI Compliance Level 2 - between 1M and 6M Mastercard or Visa transactions annually.
- PCI Compliance Level 3 - between 20,000 and 1M e-commerce Mastercard or Visa transactions annually.
- PCI Compliance Level 4 - fewer than 20,000 Mastercard or Visa e-commerce transactions annually, or up to 1M Mastercard or Visa transactions annually.
Levels 2, 3, and 4 all have the same validation requirements: a yearly self-assessment using the PCI SSC self-assessment questionnaire, a quarterly network scan by an approved scanning vendor (also available through PCI SSC), and an attestation of compliance form.
For PCI level 1 compliance, the merchant is required to have yearly assessments of compliance by a Qualified Security Assessor (QSA), in addition to the requirements for levels 2, 3, and 4.
Since Freshdesk’s PCI compliance is audited on a yearly basis by an external QSA, we’re level 1 PCI compliant, and those who make over 6 million transactions can use our platform.