Understanding PCI DSS Level 1 Compliance

Posted on October 31, 2019 in Compliance, Payment Technology Trends, Security

The Payment Card Industry Data Security Council (PCI Security Standards Council) is an open global forum responsible for the development, management, education and awareness of PCI Security Standards, including data security standards, payment application data security standards and PIN transaction security.

PCI Standards Overview

The council’s five founding global payment brands have agreed to incorporate PCI DSS as the technical requirements of each of their data security compliance programs. These standards are organized around seven distinct subject areas and twelve high-level requirements, which include:

  • building and maintaining a secure network
  • protecting cardholder data
  • maintaining a vulnerability management program
  • implementing strong access control measures
  • regularly monitoring and testing networks
  • maintaining an information security policy

Compliance Levels

There are different levels of PCI compliance, ranked as Tiers 1-4; institutions are assigned a tier depending on the number of applicable transactions they process each year. Many higher education institutions require Level 1 PCI compliance, but what does that mean?

It’s important to understand that your “tier” defines your institution’s validation requirements, NOT the security standards a merchant or processor is accountable for.

You meet Level 1 merchant criteria if:  

  • You process over 6 million Mastercard or Visa transactions annually, or
  • You have experienced an attack resulting in compromised card data

What changes will your institution see based on compliance levels?

Level 1 institutions must follow different rules than those at lower levels. The rules include:  

  • Complete an annual Report on Compliance through a Qualified Security Assessor
  • Complete quarterly network scans by an Approved Scanning Vendor
  • Complete the Attestation of Compliance Form

Want to learn more about PCI DSS compliance? Click here to watch a free webinar from Nelnet Campus Commerce: Ensuring your Institution Meets the PCI Security Standards or contact us to see how we can help!
