PCI Compliance Update: Level 1 Down Slightly, Levels 2 and 3 Up Just As Slightly
Written by Evan SchumanThe latest batch of PCI compliance stats from Visa shows slight changes—all of one percent—in all categories with meaningful public numbers.
Level 1s dropped from 98 percent to 97 percent in the figures current as of June 30, 2012, while both Level 2 and Level 3 retailers increased (2s went from 92 percent to 93 percent and 3s went from 59 percent to 60 percent, when compared with Visa’s reported March 31 figures).
The Level 1s dropped that one percent while also shedding four chains from its categories, going from 407 to 403. Level 2 lost two merchants (going from 1,060 to 1,058), and Level 3 lost 11 merchants. Visa still does not publish any meaningful stat on how Level 4s are doing compliance-wise, sticking with an undefined “moderate” ranking.
It should also be noted that Visa has, for years, reported on compliance for VisaNet Processors (direct connection)—last reported as 97 percent compliant—and Agent (downstream)—last reported as 95 percent compliant. Those categories no longer appear on the compliance reports, and no explanation was offered.
For the record: Level 1s process more than 6 million Visa transactions annually; Level 2s handle 1 million to 6 million Visa transactions annually; Level 3s deal with 20,000 to 1 million online Visa transactions a year; and Level 4s are those retailers processing fewer than 20,000 Visa E-Commerce transactions annually, along with retailers processing as many as 1 million Visa transactions of any type annually.
Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code.
-Marc
