Listed below are the Merchants levels, criteria, and related validation requirements for VISA and MasterCard.  Though there are technically three other major payment brands (AMEX, Discover, and JCB), compliance with the two noted brands generally covers the others:


Merchant Level: 1

Merchant Criteria:

Any merchant, regardless of acceptance channel, processing more than 6,000,000 Visa transactions per year.

Any merchant that has had a data breach or attack that resulted in an account data compromise.

Any merchant identified by any card association as Level 1.


Merchant Level: 2

Merchant Criteria:

1 million – 6 million Visa or MasterCard transactions annually (all channels).


Merchant Level: 3

Merchant Criteria:

Merchants processing 20,000 to 1 million Visa or MasterCard e-commerce transactions annually.


Merchant Level: 4

Merchant Criteria:

Less than 20,000 Visa or MasterCard e-commerce transactions annually and all other merchants processing up to 1 million Visa or MasterCard transactions annually.


Service Provider

Business entity that is not a payment brand, directly involved in the processing, storage, or transmission of cardholder data on behalf of another entity.  This also includes companies that provide services that control or could impact the security of cardholder data.  Examples include managed service providers that provide managed firewalls, IDS and other services as well as hosting providers and other entities.  If an entity provides a service that involves only the provision of public network access—such as a telecommunications company providing just the communication link—the entity would not be considered a service provider for that service (although they may be considered a service provider for other services).


Electronic Environments

i.e. web server, database, laptop/workstation or file server.


Virtual Terminal

A virtual payment terminal is a Web-based version of a credit card swipe device that allows merchants to process orders made by mail, over the phone or online.  Virtual terminals facilitate payment for small businesses that might otherwise have difficulty accepting credit card payments.



ePDQ means electronic process data quickly – Barclaycards online solution for accepting cards over the internet and by phone, fax or mail order.


Don't Delay

Talk to our PFI Team Now!

Enquire Now.