U.S. merchant compliance with the Payment Card Industry Data Security Standard has changed little since last fall, according to latest compliance update Visa Inc. released this week.
The update, for the quarter ended Dec. 31, shows that 96% of Level 1 merchants–those with 6 million or more annual Visa transactions–had been validated as compliant with the PCI standard compared with 97% that were the previous quarter.
Level 1 merchants, numbering 360 as of Dec. 31, accounted for 50% of Visa’s transactions.
Among Level 2 merchants–those with between 1 million and 6 million annual Visa transactions–the compliance rate remained unchanged at 94%. Visa counts 895 Level 2 merchants, which handle about 13% of Visa’s transactions.
Visa lists the compliance rate for Level 3 e-commerce merchants that accept 20,000 to 1 million online Visa transactions as “moderate”, unchanged from the Sept. 30 report. The company uses moderate to define validation compliance because the number of e-commerce merchants fluctuates dramatically from quarter to quarter, a Visa spokesperson says. These merchants–numbering 2,524–accounted for less than 5% of Visa’s overall transactions during the quarter.
Level 4 merchants, by far the largest group with an estimated 5 million, also maintained “moderate” compliance. Visa bases its judgment of Level 4 merchant compliance based on reports from acquirers, which track compliance with these merchants, the spokesperson says. Level 4 merchants account for 32% of Visa’s overall transactions, Visa says.
Measuring and improving compliance rates among these merchants, each of which processes less than 1 million Visa transactions per year, has been challenging. Many merchant acquirers and independent sales organizations have started programs, often charging fees to participate, to improve small-merchant compliance.
One ISO, Sterling Payment Technologies Inc. of Tampa, Fla., says 68% of its merchants enrolled in its program within four months, and more than two-thirds of them achieved PCI compliance. Sterling did not say how many merchants it has.
Notably, Visa’s latest compliance update suggests that 99% of the 77 processors that connect directly to Visa’s VisaNet authorization network were validated as PCI compliant, up from 97% of 78 processors that were in the previous quarter.
What do you think about this? Send us your feedback. Click Here.