|
All entities including merchants, service providers and financial institutions must get a quarterly scan completed to remain compliance with the PCI DSS standards. The table below lists the Quarterly network scan requirements for service providers by region. ControlCase provides a free network scan for 1 IP address. Quarterly scanning can then be setup within the portal.
Please click here if you would like to test out a PCI certified sample scan for you for 1 IP address.
Visa USA & CEMEA - Service Provider Levels and Validation Actions
| Level | Description | Validation Action |
| 1 |
All VisaNet processors (member and nonmember) and all payment gateways.* |
1>Annual On-Site PCI Data Security Assessment
2>Quarterly Network Scan
|
| 2 |
Any service provider that is not in Level 1 and stores, processes, or transmits more than 1,000,000 Visa accounts/transactions annually. |
1>Annual On-Site PCI Data Security Assessment
2>Quarterly Network Scan
|
| 3 |
Any service provider that is not in Level 1 and stores, processes, or transmits fewer than 1,000,000 Visa accounts/transactions annually. |
1>Annual PCI Self-Assessment Questionnaire
2>Quarterly Network Scan
|
*According to Visa, payment gateways are a category of agent or service provider that stores, processes, and/or transmits cardholder data as part of a payment transaction. Specifically, they enable payment transactions (e.g., authorization or settlement) between merchants and processors (VisaNet endpoints). Merchants may send their payment transactions directly to an endpoint, or indirectly to a payment gateway.
Visa Asia/Pacific - Service Provider Levels and Validation Actions
| Service Providers |
More than 600,000 Visa transactions per year |
Between 120,000 and 600,000 Visa transactions per year |
Less than 120,000 Visa transactions |
| Self assessment questionnaire |
Optional |
Mandated |
Mandated |
| Quarterly network scan |
Mandated |
Mandated |
Recommended |
| Onsite review |
Mandated |
Recommended |
Recommended |
MasterCard - Service Provider Levels and Validation Actions
| Level | Description | Validation Action |
| 1 |
All TPPs.
All DSE's that store, transmit, or process greater than 1,000,000 total combined MasterCard and Maestro transactions annually.
|
1>Annual On-Site PCI Data Security Assessment
2>Quarterly Network Scan
|
| 2 |
Includes all DSE's that store, transmit, or process less than 1,000,000 total combined MasterCard and Maestro transactions annually.
|
1>Annual PCI Self-Assessment Questionnaire
2>Quarterly Network Scan
|
For any additional information, please contact ControlCase at contact@controlcase.com
|
