The site you requested may not be relevant in your area.

country flag
Skip to main content

The basics of PCI DSS compliance validation

While there are many aspects to data security, protecting your business from a data breach starts with a good foundation. Businesses that complete PCI DSS compliance validation have not only taken the first steps in guarding against a costly breach event, but also protect themselves from card brand non-compliance fines, fees, and assessments for forensic investigations, fraudulent purchases, and the cost of re-issuing cards. Current card brand regulations and certain state laws place more responsibility on businesses to protect cardholder payment data. There are information security standards for organizations that store, process, or transmit payment card data called Payment Card Industry Data Security Standard (PCI DSS). Failure to meet established industry and regulatory data security standards can result in fines, fees, a loss of income, and negative brand perception.

Four merchant levels of PCI DSS compliance

There are four merchant levels for PCI DSS compliance:

Level 1: Merchants processing over 6 million card transactions per year.
Level 2: Merchants processing 1 to 6 million transactions per year.
Level 3: Merchants handling 20,000 to 1 million transactions per year.
Level 4: Merchants handling fewer than 20,000 transactions per year.

Level 1: Merchants processing more than 6 million credit or debit card transactions annually. Report of compliance must be conducted by an authorized Qualified Security Assessor (QSA), and must undergo an internal audit once a year. Additionally, once a quarter, they must submit to a network scan by an Approved Scanning Vendor (ASV).

Level 2: Merchants processing between 1 and 6 million card-present credit or debit card transactions annually. They’re required to complete an assessment once a year using a Self-Assessment Questionnaire (SAQ). Additionally, a required quarterly network scan must be provided by an ASV.

Level 3: Merchants processing between 20,000 and 1 million transactions annually. They must complete a yearly assessment using the relevant SAQ. Additionally, a required quarterly network scan must be provided by an ASV.

Level 4: Merchants processing fewer than 20,000 transactions annually, or those that process up to 1 million transactions. A yearly assessment using the relevant SAQ must be completed or other alternative validation exercise as defined by the acquirer and a quarterly quarterly network scan may also be required from an ASV.

Elavon PCI solutions

Breach assistance
Elavon’s PCI program offers up to $20,000 per incident per MID of breach assistance per Customer ID number if you are enrolled and have validated your PCI DSS compliance.

The online portal takes you step-by-step through the PCI DSS compliance validation process, including assistance with the PCI Self-Assessment Questionnaire (SAQ) and network vulnerability scanning (if applicable).

Access to valuable tips, information and best practices that make it easy to understand how you can safeguard your business and your customer payment data.

Access to Elavon PCI professionals when you need it. We have answers to your PCI DSS questions through online help, email, and phone.

Request a call back

We want to hear from you. If you are interested in setting up a new merchant account with us, please contact us through the form below and we'll call between the hours of 9:00 AM and 7:00 PM EST, Monday-Friday. If you require assistance with an existing account, please call our customer service line 24/7/365. 

This contact form is for US customers only. If you are looking for one of our other locations, please visit to find your country or region. 

Form submitted successfully

You will receive a call from an Elavon representative shortly. 

If you would like to speak to someone now, please call 1-866-671-1583 to be connected with a payments professional. 

Please fill the required fields and submit again


Available Mon. – Fri.
9:00 AM - 7:00 PM EST

Customer Support

Available 24/7

By providing us with an email address you are expressly consenting to receiving email communications — including but not limited to marketing material/advertising, promotions, sales campaigns, and questioner/research surveys. By providing us with a telephone number for a cellular phone or other wireless device, including a number that you later convert to a cellular number, you are expressly consenting to receiving communications — including but not limited to prerecorded or artificial voice message calls, text messages, and calls made by an automatic telephone dialing system—from us and our affiliates and agents at that number. This express consent applies to each such telephone number that you provide to us now or in the future and permits such calls for non-marketing purposes. Calls and messages may incur access fees from your cellular provider. We accept relay calls. Your privacy is important to us. By clicking “submit” you agree to our terms and conditions.