On June 30 of this summer, Visa made compliance statistics of merchants’ public, detailing PCI Compliance figures for those working to achieve Level 1, Level 2 and Level 3 compliance. On Monday, October 31, 2011, the card brand released the most recent compliance numbers. The released results were mixed, with a positive trend for Level 1 merchants, but with an overall decrease for Level 2 and Level 3 compliance. It should be noted that the card brand has continued its practice of not reporting compliance numbers for Level 4 compliance, rather just announcing for this reporting period that Level 4 compliance is “moderate.”
Each PCI Compliance level is determined by the number of transactions that a merchant processes each year, as well as whether the transactions occur online, in a brick and mortar location or a combination of both. For Level 1 merchants more than six million Visa transactions must be processed a year; Level 2 merchants process from one to six million transactions a year; Level 3 merchants handle 20,000 to one million online Visa transactions a year; and Level 4 merchants process less than a one million Visa transactions per year.
The statistics were positive for Level 1 merchants, as a 98 percent compliance rate was reported. This number was up from the 97 percent compliance rate that was announced earlier in June 2011. These numbers were based on 407 retailers, which was also an increase compared to earlier this year when only 377 retailers were included in the reporting.
The PCI compliance numbers for Level 2s and Level 3s weren’t quite as encouraging. Level 2 merchants dropped from 96 percent compliance down to 91 percent. There were more Level 2 merchants accounted for in this report, with 1,060 compared to 881 in the summer report, which may have attributed to the decline in this case. Level 3 merchants saw a decline from 60 percent to 57 percent from October 2011 to June 2011 respectively. The number of Level 3 merchants being reported is the largest of the three groups, with 3,049 merchants, up 25 from the last reporting period. Compared to the other PCI compliance levels, these numbers may be alarming, though Level 3 tend to be new entry merchants, starting with a relatively low level of PCI DSS compliance, attributing to these percentages.
As the card security industry continues to push the need to achieve PCI compliance, it is somewhat concerning that the numbers overall are in a decline, as it would be expected that numbers in any group would show steady signs of improvement. There are still details that Visa is not reporting on, which could allude to the compliance decrease, though many are left speculating what exact causes can be pointed to.
For more information on how you can help your business achieve you PCI Compliance Level download our PCI compliance guide.