VISA MODIFIES MERCHANT CATEGORIES IN PCI COMPLIANCE
July 07, 2006Visa USA announced Friday changes in merchant categories for its Payment Card Industry Data Security Standard (PCI). The changes are designed to decrease the risk of data compromises for higher volume merchants, Visa reports. The level 2 merchant category has been broadened to include any merchant processing 1 million to 6 million Visa transactions a year in any card acceptance channel.
Previously, the level 2 category covered merchants that processed between 150,000 and 6 million Visa e-commerce transactions per year. Visa estimates the change means about 1,000 level 4 merchants will move into the level 2 category, and the same number of level 2 merchants will be moved into level 3. Merchant acquirers will inform their affected merchants in the next two months, Visa reports. The affected merchants will be required to validate their PCI compliance with their acquirer within 12 months after being informed of the change. There is no change for level 1 merchants. The level 3 category will now cover any merchant processing 20,000 to 1 million Visa e-commerce transactions a year from those processing 20,000 to 150,000 Visa e-commerce transactions a year. Level 4 will now include any merchant processing less than 20,000 Visa e-commerce transactions per year, and all other merchants processing up to 1 million Visa transactions a year.