PCI Cards Data SecurityBusiness Cards, Advertising & Banking Management
EDATACARDS.COM MEDIA, BANKCARD , CRM & BEST PRICING
here are three levels of data that determine authorization and interchange pricing. All transactions require information to be authorized, but certain transactions require more information than others. The amount of data required for a transaction determines if it is a Level 1 transaction, a level 2 transaction, or a level 3 transaction, and these levels can have an effect on interchange rates. This article will cover Data Levels 1 & 2, for a more in-depth article about Level 3 click here.
Level 1 is the most basic level of data, and it is the most common as well. This is what most consumer transactions fall under, and it requires the least amount of data to be authorized. Most merchants will fall under the criteria for Level 1 processing and will never need higher levels of data processing because they do not sell business-to-business or business-to-government. The data required for level 1 transactions are very simple: merchant name, merchant code, date of purchase, and purchase amount. Because level 1 transactions capture the least amount of data (and because the ticket sizes are generally much smaller), the interchange rates are higher than levels 2 and 3. Additionally, Level 1 transactions can be processed using a normal terminal or gateway.
Level 2 data processing is commonly used in business-to-business transactions. Along with the four data fields required for level 1, level 2 requires five additional pieces of data: sales tax amount, customer code, merchant zip code, merchant tax ID number, and for MasterCard, applicable women- or minority-owned merchant status. With this extra information, credit card companies assess that the risk of fraud is lower, which is reflected in lower interchange rates.
Since Level 2 requires more data, the equipment used to capture this data must be set up to do so. When accepting Level 2, most merchants have a payment gateway set up to automatically capture the data, which makes this process much less of a headache. However, a physical credit card terminal can be set up to accept Level 2 payments as well and the data can be entered manually, if one so chooses.
Merchants who want to qualify for the lower interchange rates associated with levels 2 and 3 should speak with their processor to determine if it’s a feasible decision for their business and what they can do to accept it. Not all businesses need to process transactions that require levels 2 and 3 data, especially not if they’re primarily selling to consumers. Contact eDataCards.com today to speak with someone about how we can provide ways to accept all levels of data processing.
n 2006, due to the ubiquity of online shopping and lack of security around a new form of credit card use, American Express, MasterCard, Visa, Discover, and JCB International founded the Security Standards Council to combat the threat of cardholder data theft. This council drafted rules for merchants and payment processors, designed to protect cardholder data and keep everyone safe from fraud. The PCI-DSS—the Payment Card Industry Data Security Standards—are regulations that all merchants must stay compliant with in order to accept credit cards.
4 Levels of Compliance
This is considered the highest level of security. Merchants who must comply with Level 1 do more than 6 million Visa or Mastercard transactions annually. However, Visa may use their discretion to deem any merchant Level 1 depending on perceived risk. Level 1 is the only level where in-person assessments by a Qualified Security Assessor (QSA) and network scans of the merchant must be conducted on a yearly basis.
Merchants who must comply with Level 2 do between 1 million and 6 million Visa or Mastercard transactions annually. Unlike Level 1 merchants, Level 2 merchants, along with merchants belonging to Levels 3 and 4, do not have to be assessed by a QSA. Instead, merchants can assess themselves using the PCI questionnaire. The merchants who belong to the bottom three levels also must conduct a quarterly network scan and submit an attestation of compliance form.
Merchants who must comply with Level 3 do between 20,000 and 1 million Visa or Mastercard transactions annually.
Merchants who must comply with Level 4 do less than 20,000 Via or MasterCard transactions annually.
No matter what PCI level your business belongs to, eDataCards.com is here to help. We ourselves are Level 1 compliant, so we know how important it is to protect cardholder data. We have partnered with ControlScan to keep the PCI-compliance process as simple as possible for our merchants while also being ahead of the game in security.