Pci dss compliance level 4 applies to Includes merchants processing fewer than 20,000 ecommerce transactions or up to 1 million total transactions annually They must complete an saq and may need to undergo a network scan by an approved scanning vendor (asv). It’s essential to accurately count and report your transaction volumes, as they directly influence your classification and the specific compliance measures you must undertake. Generally, small retailers and local businesses Each payment brand may have nuances (for example, jcb treats all >20,000 transactions as level 2, and any breach can elevate a merchant to level 1).
Historically required an saq, but new changes now include mandatory quarterly avs scanning. Compliance requirements for level 4 merchants Level 4 merchants typically only need to complete an annual saq. In fact, merchants processing less than a million jcb transactions a year are considered level 2 merchants Pci level 4 level 4 merchants process fewer than 20,000 transactions per year and have the least stringent reporting requirements of all four compliance levels Small businesses often fall into this compliance category and only require an saq including applicable asv scanning and penetration testing requirements.
