PCI DSS Compliance Levels Explained: Which One Applies to Your Business?

Merchants are assigned one of four PCI DSS compliance levels, set by the card brands, based on annual card transaction volume. Here's which level applies to your business and what it means for how you must validate compliance.

PCI DSS (Payment Card Industry Data Security Standard) compliance for merchants is tiered into four levels based on the number of card transactions your business processes annually. The levels are defined by the card brands rather than by the standard itself (Visa and Mastercard each publish their own, closely aligned, thresholds; service providers are tiered separately). Your level does not change which of the standard's requirements apply to you, since all of them do; it determines how you must validate compliance and who must sign off on it. Knowing your level is the first step to knowing exactly what's required.

The Four PCI Compliance Levels

  • Level 1 (more than 6 million transactions/year across all channels): annual on-site assessment by a Qualified Security Assessor (QSA), documented in a Report on Compliance (ROC), plus quarterly external vulnerability scans by an Approved Scanning Vendor (ASV)
  • Level 2 (1 to 6 million transactions/year): annual Self-Assessment Questionnaire (SAQ) plus quarterly ASV scans
  • Level 3 (20,000 to 1 million e-commerce transactions/year): annual SAQ plus quarterly ASV scans
  • Level 4 (fewer than 20,000 e-commerce transactions/year, or up to 1 million total transactions/year): annual SAQ; quarterly ASV scans where your acquirer requires them, and recommended regardless

Most small and mid-sized businesses fall into Level 3 or 4. Your acquiring bank confirms your level, and transaction counts are tallied per card brand, so check each brand's published thresholds if you are near a boundary. Two caveats: the card brands can move a merchant that has suffered a card data compromise to Level 1 regardless of volume, and which SAQ you complete (A, A-EP, B, C, D and so on) is determined by how you accept and handle card data, not by your level. Vivant’s PCI compliance service is designed for Levels 3 and 4, making compliance straightforward and affordable. Learn more.