Calculating Merchant Transactions for PCI DSS

According to the Visa, Inc. CISP Program Web site, merchants fall into one of the four merchant levels based on Visa transaction volume over a 12-month period. MasterCard's SDP is similar to Visa's CISP program.

Gathering the correct numbers for transaction volume can be confusing, but for Visa, Inc., the merchant's transaction volume is based on the aggregate number of Visa transactions-credit cards, debit cards, prepaid cards-from a merchant Doing Business As ("DBA").

For merchants and/or merchant corporations who operate more than one DBA, the aggregate volume of stored, processed or transmitted transactions by the corporate entity must be considered, to determine the validation level.

If the corporate entity does not store, process or transmit cardholder data on behalf of the multiple DBAs, members will continue to consider the DBA's individual transaction volume to determine the validation level.

Confusing?

Here is Kark's answer to the same question about how to calculate transactions for more than one merchant.

"If an organization has several merchants, you have to aggregate all of those [merchant transaction] numbers, in order to come up with a number that you have in terms of the credit card data that resides within your organization, and the amount of transactions that you are processing within your organization," said Kark.

Continuing, he said, "If you house credit card information, in whatever form, if you house it in your server, that you own or you added, then you are basically responsible for complying with PCI…merchants need to be added [to the transaction volume] if you are housing credit card information for the specific merchant."

                    

Print this page

Send this page to a friend

PCI DSS: 5 Guidelines for Gaining PCI Compliance Step 1: An Introduction to PCI Compliance PCI Compliance Introduction Who Put the DSS in PCI? Step 2: Finding The PCI DSS Merchant, Service and Compliance Level Should Your Organization be Concerned about PCI Compliance? PCI DSS: The Visa CISP Program MasterCard SDA Program Defining Merchant Validation Levels Level 4 Merchant Compliance Visa PCI CAP Program Defining Service Provider Validation Levels Acquirer Responsibility Calculating Merchant Transactions PCI DSS: Visa and MasterCard Quick Reference Guide Step 3: Attaining PCI DSS Compliance-Merchant Security Audits: 12 Requirements Build and Maintain a Secure Network Protect Cardholder Data Maintain a Vulnerability Management Program Implement Strong Access Control Measures Regularly Monitor and Test Networks Step 4: Finding a PCI DSS Approved Scanning Vendor (ASV) Do You Need an ASV? Merchant and Service Provider Scanning Requirements Compliance Reporting Visa and Compliance Reporting MasterCard and Compliance Reporting Step 5: Completing the PCI DSS Self Questionnaire Completing the PCI DSS Self Questionnaire PCI Compliance Polls Are you currently PCI Compliant? Yes No Working towards compliance Why are you looking at PCI Compliance Required By Credit Card Processor Required By Bank Want to meet industry standards Looking to secure network What merchant level do you fall under for PCI Compliance? Level 1 Level 2 Level 3 Level 4 I have no idea View PCI Merchant Level Results View All PCI Compliance Poll Results EV SSL Certificate Guide Sponsored Listing: