Level 2 and 3 PCI compliance grows

Level 2 and 3 PCI compliance grows

Even as the number of businesses grew in the Level 2 and Level 3 areas of PCI compliance, the businesses became a bit more compliant, according to StorefrontBacktalk. Level 2 went from 91 percent at the end of December 2011 to 92 percent as of March 31 and Level 3 went from 58 percent to 59 percent in the same period. Businesses need to keep up with PCI compliance rules but should also be sure to have encryption, such as VeriSign SSL certificates, and other security measures in place.

The 407 Level 1 companies, representing the largest chains that process 6 million Visa transactions per year, stayed at 98 percent, according to the news source.

"With changes as small as 1 percent, it’s hard to determine what, if anything, caused the change," Storefront Backtalk said of the changes for this quarter. "The number of Level 2s (1 million to 6 million Visa transactions annually) dropped slightly (from 1,066 to 1,060), so it’s possible a couple of the chains that left might have had compliance issues."

The news source had previously expressed concern about the low compliance of Level 3 businesses, but it seems like this quarter brought positive news all around for these companies. There was a 2.5 percent increase in the number of Level 3 merchants from 3,149 to 3,229, all while still keeping up with compliance at a greater clip. These businesses should look to continue on this path.

Visa said that for Level 3 PCI compliance, merchants profess 20,000 to 1 million eCommerce transactions. They need a quarterly network scan, a compliance form and an annual SAQ to be validated each year. Companies on this level should also be sure to get encryption help from companies such as Thawte and GeoTrust.