Merchant Level One - CISP
Merchants meet Level One if they:- Any merchant-regardless of acceptance channel-processing over 6,000,000 Visa transactions per year
- Any merchant that has suffered a hack or an attack that resulted in an account data compromise
- Any merchant that Visa, at its sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the Visa system
- Any merchant identified by any other payment card brand as Level 1
Merchant Level Two - CISP
Merchants meet Level Two CISP:- Any merchant-regardless of acceptance channel-processing 1,000,000 to 6,000,000 Visa transactions per year
Merchant Level Three - CISP
Merchants meet Level Three:- Any merchant processing 20,000 to 1,000,000 Visa e-commerce transactions per year
Merchant Level Four - CISP
Merchants meet Level Four:- Any merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants-regardless of acceptance channel-processing up to 1,000,000 Visa transactions per year
| Compliance Actions | Validation Actions | ||||
| Group | Level | Comply with PCI Data Security Standards | On-Site Security Audit | Self-Assessment Questionnaire | Network Scan |
| Merchant | 1 | Required | Required Annually | Required Quarterly | |
| 2 & 3 | Required | Required Annually | Required Quarterly | ||
| 4 | Required | Recommended Annually | Required Quarterly | ||
| Service Provider | 1 | Required | Required Annually | Required Quarterly | |
| 2 | Required | Required Annually | Required Quarterly | ||
| 3 | Required | Required Annually | Required Quarterly | ||
CISP Resources | Overview | Payment Applications | CISP Compliance Validation Basics | What To Do If Compromised | Merchant Levels for CISP Compliancy | Service Provider Levels for CISP Compliancy | Assessors | Terms for CISP Compliancy
