Merchant Levels
| Level | MasterCard Transaction Volume | Visa Transaction Volume |
|---|---|---|
| 1 |
6,000,000
|
6,000,000
|
| 2 | 1,000,000 | 1,000,000 |
| 3 | 20,000 - 1,000,000 | 20,000 - 1,000,000 |
| 4 | < 20,000 | < 20,000 |
DSS Requirements - Objective 1
| Build and Maintain a Secure Network and Systems | |
|---|---|
| 1. | Install and maintain a firewall configuration to protect cardholder data |
| 2. | Do not use vendor-supplied defaults for system passwords and other security parameters |
DSS Requirements - Objective 2
| Protect Cardholder Data | |
|---|---|
| 3. | Protect stored cardholder data |
| 4. | Encrypt transmission of cardholder data across open, public networks |
DSS Requirements - Objective 3
| Maintain a Vulnerability Management Program | |
|---|---|
| 5. | Protect all systems against malware and regularly update anti-virus software or programs |
| 6. | Develop and maintain secure systems and applications |
DSS Requirements - Objective 4
| Implement Strong Access Control Measures | |
|---|---|
| 7. | Restrict access to cardholder data by business need to know |
| 8. | Identify and authenticate access to system components |
| 9. | Restrict physical access to cardholder data |
DSS Requirements - Objective 5
| Regularly Monitor and Test Networks | |
|---|---|
| 10. | Track and monitor all access to network resources and cardholder data |
| 11. | Regularly test security systems and processes |
DSS Requirements - Objective 6
| Maintain an Information Security Policy | |
|---|---|
| 12. | Maintain a policy that addresses information security for all personnel |
Roadmap to Compliance
